Missing CORS headers when write actions are rejected #720

asaunier · 2018-02-01T10:18:47Z

Tested in prod, demo and in a personal instance:

if a write action is accepted, nothing special is reported on the UI side in browsers' dev consoles
on the other hand, if the write action is rejected (blocked or rate limited user, 500 error?), the UI error processing is not performed as expected (Add support of rate limiting message v6_ui#1989) and CORS errors are reported in the browsers' dev consoles:

It seems CORS headers are not returned when an exception is raised while processing the request.

asaunier · 2018-02-01T13:59:00Z

See investigations about CORS starting at c2corg/v6_ui#1989 (comment)

lbesson · 2021-05-03T10:40:14Z

Updating cornice will probably solve the issue.

asaunier mentioned this issue Feb 1, 2018

Add support of rate limiting message c2corg/v6_ui#1989

Merged

fjacon assigned arnaud-morvan Feb 1, 2018

cbeauchesne unassigned arnaud-morvan Oct 30, 2019

lbesson mentioned this issue May 3, 2021

Set Access-Control-Allow-Origin header to * on 401 responses #730

Open

Provide feedback