  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-111617

As an Instance Administrator, I want to be able to enable and configure portal cross resource sharing on portal instance level

    Details

      Description

      Description: Enable CORS for Instances, AKA SaaS ready CORS.

      I.e., each instance can have its own CORS settings.

      We have to make sure we have some consistency with auth verifiers: https://liferay.slack.com/archives/GLX0ZN4QH/p1586250350014300
      We need a detailed use case for test planning, for instance which resource we want to configure CORS for.

      Rules:

      1. CORS headers in the system CORS settings are applied to all instances for the configured URL patterns, except that
      2. CORS headers in an instance's CORS settings overwrite the CORS headers in the system CORS settings if they have the same URL pattern.
      3. Within the system CORS settings, or within the CORS settings of a single instance, the same URL pattern cannot be added twice.

      Example:

      The system CORS settings configure a URL pattern of /url/pattern/one/*, with Access-Control-Allow-Origin: https://www.google.com
      Instance 1 CORS settings configure a URL pattern /url/pattern/two/*, with Access-Control-Allow-Origin: https://www.liferay.com
      Instance 2 CORS settings configure a URL pattern /url/pattern/one/*, with Access-Control-Allow-Origin: https://www.liferay.com,
      and another URL pattern /url/pattern/two/*, with Access-Control-Allow-Origin: https://www.github.com
      Instance 3 CORS settings configure nothing.

      For Instance 1:
      Hitting a url matching /url/pattern/one/* from https://www.google.com will return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.liferay.com will not return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.github.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.google.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.liferay.com will return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.github.com will not return a CORS response.
      For Instance 2:
      Hitting a url matching /url/pattern/one/* from https://www.google.com will not return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.liferay.com will return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.github.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.google.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.liferay.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.github.com will return a CORS response.
      For Instance 3:
      Hitting a url matching /url/pattern/one/* from https://www.google.com will return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.liferay.com will not return a CORS response.
      Hitting a url matching /url/pattern/one/* from https://www.github.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.google.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.liferay.com will not return a CORS response.
      Hitting a url matching /url/pattern/two/* from https://www.github.com will not return a CORS response.
      Note: The term "CORS configuration" here refers only to PortalCORSConfiguration, not to WebContextCORSConfiguration. WebContextCORSConfiguration will remain a system setting.
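
      The three rules and the expected-result matrix above, modelled as an added example (not Liferay's implementation and not part of the original ticket). The function names, the servlet-style reading of `/*`, and exact-string origin comparison are assumptions made for illustration.

```python
ALLOW_ORIGIN = "Access-Control-Allow-Origin"

class DuplicatePatternError(ValueError):
    """Rule 3: a URL pattern was added twice within one scope."""

def build_scope(entries):
    # One scope = the system settings, or the settings of a single instance.
    scope = {}
    for pattern, headers in entries:
        if pattern in scope:
            raise DuplicatePatternError(pattern)
        scope[pattern] = dict(headers)
    return scope

def effective_settings(system, instance):
    # Rule 1: system entries apply to every instance.
    # Rule 2: an instance entry with the same pattern replaces the system
    # entry outright; the two header sets are not merged.
    merged = dict(system)
    merged.update(instance)
    return merged

def matches(pattern, path):
    # Assumption: "/prefix/*" is a servlet-style prefix pattern.
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def cors_headers(system, instance, path, origin):
    # Returns the headers to send, or {} when no CORS response is returned.
    # Assumption: the Origin must equal the configured value exactly.
    for pattern, headers in effective_settings(system, instance).items():
        if matches(pattern, path) and headers.get(ALLOW_ORIGIN) == origin:
            return headers
    return {}

# Constructed from the ticket's example (system settings plus three instances).
GOOGLE, LIFERAY, GITHUB = ("https://www.google.com",
                           "https://www.liferay.com", "https://www.github.com")
SYSTEM = build_scope([("/url/pattern/one/*", {ALLOW_ORIGIN: GOOGLE})])
INSTANCES = {
    1: build_scope([("/url/pattern/two/*", {ALLOW_ORIGIN: LIFERAY})]),
    2: build_scope([("/url/pattern/one/*", {ALLOW_ORIGIN: LIFERAY}),
                    ("/url/pattern/two/*", {ALLOW_ORIGIN: GITHUB})]),
    3: build_scope([]),
}

def allowed_origins(instance_id, path):
    # Which of the three example origins get a CORS response on this instance.
    return [o for o in (GOOGLE, LIFERAY, GITHUB)
            if cors_headers(SYSTEM, INSTANCES[instance_id], path, o)]
```

      Instance 2 is the case to test most carefully: because rule 2 replaces rather than merges, the system-level origin stops receiving a CORS response for /url/pattern/one/* on that instance only.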

      Acceptance Criteria

      1. As an Instance Administrator, I want to be able to enable and configure portal cross resource sharing on portal instance level with the same fields that are under the System Settings > Security Tools > Portal Cross-Origin Resource Sharing (CORS) section before the change
      2. As a Portal-Wide (Omni) Administrator, I want to be able to use an OSGi configuration file to manage portal instance level CORS settings.

              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              zsigmond.rab Zsigmond Rab
              Engineering Assignee:
              Arthur Chen
              Recent user:
              Eduardo García

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 59m

                    Packages

                    Version Package
                    7.3.10 DXP GA1