Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21118

Implement HTTP CORS support

    XMLWordPrintable

    Details

    • Sprint:
      Ventoux Sprint 2, Ventoux Sprint 3

      Description

      Cross-Origin Resource Sharing (CORS) is a W3C spec that allows cross-domain communication from the browser. From an API/Server perspective this relies on some headers send in the HTTP Request/Response + the support of OPTIONS request (the preflight request in the spec) so that the browser can transparently check whether CORS is supported or not.

      At the moment, the REST API v2 does not support the OPTIONS requests. In addition the required headers in API responses can be added with a (quite tricky) Apache configuration but IMHO, this should be handled by the REST bundle.

      Requirements

      • semantical configuration for allowed cross domains, including * (all)
      • return the request's origin: Access-Control-Allow-Origin: http://origin.example.com (or *)
      • OPTIONS must return the list of allowed methods. For now, it can be identical to the "normal" OPTIONS response, Allow, but using the Access-Control-Allow-Methods header
      • every CORS request must A) check if the origin is acceptable based on configuration, and refuse to reply if it isn't B) include the appropriate Access-Control headers
      • ... to be continued

      References

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              damien.pobel-obsolete@ez.no Damien Pobel (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 day Original Estimate - 1 day
                  1d
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 days, 1 hour
                  4d 1h