Allow CORS to be configured on SPSP and other HTTP endpoints #638

sappenin · 2020-04-10T00:49:54Z

We need CORS to be configurable in the Connector, especially for SPSP, but probably generally. The default should probably be */* or whatever, but we need to honor config here for proper ops deployment.

Also, see default SpringBoot functionality here - we should probably not do custom CORS if we can help it.

See https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

The text was updated successfully, but these errors were encountered:

nhartner · 2020-04-10T05:37:33Z

This shouldn't be necessary for Xpring wallet because we aren't doing CORS calls to the connector. We used to do CORS calls to Hermes but even that is gone because wallet calls Hermes on the same domain as the wallet (for JWT cookie sharing)

sappenin added the bug label Apr 10, 2020

sappenin assigned nkramer44 Apr 10, 2020

sappenin changed the title ~~Allow CORS to be disabled on SPSP and other endpoints~~ Allow CORS to be configured on SPSP and other HTTP endpoints Apr 10, 2020

sappenin added this to Needs triage in Bug Board Sep 3, 2020

sappenin added this to To do in v0.6 (Cleanup + bugs) Sep 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow CORS to be configured on SPSP and other HTTP endpoints #638

Allow CORS to be configured on SPSP and other HTTP endpoints #638

sappenin commented Apr 10, 2020

nhartner commented Apr 10, 2020

Allow CORS to be configured on SPSP and other HTTP endpoints #638

Allow CORS to be configured on SPSP and other HTTP endpoints #638

Comments

sappenin commented Apr 10, 2020

nhartner commented Apr 10, 2020