Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#7927 Enable CORS access to rest APIs

Milestone: v1.3.1

Status: closed

Owner: Igor Bondarenko

Labels: api (18) sf-2 (994) 42cc (432)

Component: General

Reviewer: Dave Brondsema

Updated: 2015-07-27

Created: 2015-07-13

Creator: Dave Brondsema

Private: No

Original request: https://sourceforge.net/p/forge/feature-requests/426/

May need .ini settings if this is something that some sites would want and not others.

Discussion

Dave Brondsema - 2015-07-13

labels: api --> api, sf-2, sf-current
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2015-07-14

labels: api, sf-2, sf-current --> api, sf-2, sf-current, 42cc

status: open --> in-progress

assigned_to: Igor Bondarenko
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2015-07-16

Closed #821. ib/7927

QA instructions:

See the notes below depending on your setup

Generate bearer token at /auth/oauth

Open this script in your browser and play with various API endpoints/methods

Local notes:

Uncomment cors.enabled, cors.methods and cors.headers in development.ini

Comment out https check for APIs

Allura/allura/controllers/rest.py

#if not testing and request.scheme != 'https': #request.environ['pylons.status_code_redirect'] = True #raise exc.HTTPForbidden

Sandbox notes:

Make sure you are using https for the request or else you will get constant 403

Add cors.enabled, cors.methods and cors.headers to production.ini

Enable passing auth headers in apache

/etc/httpd/conf.d/allura-venv.conf

WSGIPassAuthorization On

Last edit: Igor Bondarenko 2015-07-17
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2015-07-16

status: in-progress --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-07-16

Reviewer: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-07-21

status: review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-07-21

Found two minor issues with the cache setting, and fixed them. Also added another test to assert a tricky attack vector stays closed.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-07-27

labels: api, sf-2, sf-current, 42cc --> api, sf-2, 42cc
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-08-10

Milestone: unreleased --> v1.3.1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.