Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-123627

No 'Access-Control-Allow-*' return if changed the value of CORS Response Headers in portal

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Incomplete
    • Affects Version/s: Master
    • Fix Version/s: Master
    • Component/s: Application Security
    • Labels:
      None

      Description

      Step to reproduce:
      1. Add cors.disable.authorization.context.check=true into portal-ext.properties
      2. Start bundle
      3. Login portal
      4. Add new CORS
      5. Edit Access-Control-Allow-Headers: * to Access-Control-Allow-Headers: Get,Post
      6. Click Save
      7. Open http://localhost:8080/api/jsonws
      8. Send a request like http://localhost:8080/api/jsonws/user/get-user-by-id
      9. Click Invoke
      10. Check the response header via browser

      Expected result: There are Access-Control-Allow-* returned in response header

      Actual result: There are no return Access-Control-Allow-* in response header.

      Note: Change the Access-Control-Allow-Origin:* to Access-Control-Allow-Origin:http://www.test.com also doesn't work.

        Attachments

          Activity

            People

            Assignee:
            della.wang Della Wang (Inactive)
            Reporter:
            della.wang Della Wang (Inactive)
            Participants of an Issue:
            Recent user:
            Della Wang (Inactive)
            Engineering Assignee:
            Marta Medio
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              21 weeks, 6 days ago

                Packages

                Version Package
                Master