Details

    • Type: Technical Documentation
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: 7.3.X, 7.4.X, Master
    • Fix Version/s: 7.3.X, 7.3.6 CE GA7
    • Component/s: Application Security
    • Labels:
      None
    • Sprint:
      Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
    • Type of Documentation:
      Developer

      Description

      Background
      Until this issue, CORS support was conditional on the request from an external site being made with OAuth2. We have therefore created a property that makes work easier for developers: it allows CORS to be activated when you are using Portal Session or Basic Auth.
       
      Features
      We have added a new property to portal.properties:

          #
          # Set this to true to allow CORS without a guest security context or client
          # authorized using OAuth 2.0.
          #
          # Env: LIFERAY_CORS_PERIOD_DISABLE_PERIOD_AUTHORIZATION_PERIOD_CONTEXT_PERIOD_CHECK
          #
          cors.disable.authorization.context.check=false
      

      It defaults to false. If it is activated (set to true), it allows CORS without a guest security context or a client authorized using OAuth 2.0; we do not recommend activating it in a production environment.

      In portal-developer.properties the default value is true.
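
      A deployment check for this property, as an added example (not Liferay code): it resolves the effective value of cors.disable.authorization.context.check from properties files and the environment variable named above, and reports when the check is disabled on a production node. The function names, the sample file contents, and the precedence rules (later files win, the environment variable overrides files) are assumptions of this example.

```python
PROP = "cors.disable.authorization.context.check"
ENV = "LIFERAY_CORS_PERIOD_DISABLE_PERIOD_AUTHORIZATION_PERIOD_CONTEXT_PERIOD_CHECK"


def parse_properties(text):
    """Minimal .properties reader (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # first separator splits key from value
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def effective_check(sources, env):
    """Return (disabled, origin); sources is [(name, text)] in load order."""
    value, origin = "false", "shipped default"  # documented default is false
    for name, text in sources:  # assumption: a later file overrides an earlier one
        props = parse_properties(text)
        if PROP in props:
            value, origin = props[PROP], name
    if ENV in env:  # assumption: the environment variable overrides files
        value, origin = env[ENV], "env:" + ENV
    return value.strip().lower() == "true", origin


def audit(sources, env, production):
    """Return findings; an empty list means nothing to report for this node."""
    disabled, origin = effective_check(sources, env)
    if disabled and production:
        return [f"{PROP}=true (from {origin}): CORS allowed without a guest "
                "security context or OAuth 2.0 client"]
    return []


# Constructed sample file contents, not taken from a real installation.
DEV_PROPS = "# developer defaults\ncors.disable.authorization.context.check=true\n"
EXT_PROPS = "! local overrides\ncors.disable.authorization.context.check = false\n"

if __name__ == "__main__":
    for finding in audit([("portal-developer.properties", DEV_PROPS)], {}, True):
        print("FINDING:", finding)
```
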

      Steps
      Any developer can work with this property, setting it to true to allow CORS using Portal Session or Basic Auth. We understand that this will be useful during the development phase of APIs or any development involving requests between different domains.
       
      Code
      We have simply added the property and a new check of it:

            People

            Assignee:
            marta.medio Marta Medio
            Reporter:
            nora.szel Nóra Szél

                Packages

                Version: 7.3.X
                Package: 7.3.6 CE GA7