Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add preflight support to HttpAuthenticationFilter #953

Open
jepsar opened this issue Jun 23, 2023 · 5 comments
Open

Add preflight support to HttpAuthenticationFilter #953

jepsar opened this issue Jun 23, 2023 · 5 comments
Labels
core Core Modules help-wanted Help Wanted shiro-2.0.0 Stale
Milestone
Backlog

Comments

@jepsar
Copy link

jepsar commented Jun 23, 2023

It would be nice if there was native (optional) support to always grant access to preflight requests.

https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

In our JAX RS project, we added this to our filter:

  @Override
  protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (isPreflightRequest(request)) {
      return true;
    }
    return super.isAccessAllowed(request, response, mappedValue);
  }

  protected boolean isPreflightRequest(ServletRequest request) {
    HttpServletRequest httpRequest = WebUtils.toHttp(request);
    return httpRequest.getHeader("Origin") != null && httpRequest.getMethod().equals("OPTIONS");
  }
@lprimak lprimak added shiro-2.0.0 core Core Modules labels Jun 23, 2023
@fpapon fpapon added this to the 2.0 milestone Jun 28, 2023
@lprimak
Copy link
Contributor

lprimak commented Jul 3, 2023

Contributions are welcome :) Thank you

@jepsar
Copy link
Author

jepsar commented Jul 3, 2023

Let me see what I can do.

@github-actions github-actions bot added the Stale label Oct 2, 2023
@lprimak lprimak added the help-wanted Help Wanted label Oct 3, 2023
@lprimak
Copy link
Contributor

lprimak commented Oct 3, 2023

@jepsar any update please?

@lprimak lprimak removed the Stale label Oct 3, 2023
@jepsar
Copy link
Author

jepsar commented Oct 5, 2023

I currently have some backlog of PrimeFaces work. Not sure when I can have a look at this issue.

@jub0bs
Copy link

jub0bs commented Oct 26, 2023
edited
Loading

@jepsar Be careful: not all OPTIONS request including an Origin header are preflight requests. To be sure that you're dealing with a preflight request, you should check that the request also includes an Access-Control-Request-Method. More details in https://fetch.spec.whatwg.org/#cors-preflight-request

@github-actions github-actions bot added the Stale label Jan 25, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 2, 2024
@lprimak lprimak reopened this Feb 2, 2024
@github-actions github-actions bot removed the Stale label Feb 3, 2024
@lprimak lprimak modified the milestones: 2.0, 2.0.1 Feb 28, 2024
@lprimak lprimak modified the milestones: 2.0.1, 2.0.2, Backlog May 20, 2024
@github-actions github-actions bot added the Stale label Aug 21, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 28, 2024
@lprimak lprimak reopened this Aug 28, 2024
@github-actions github-actions bot removed the Stale label Aug 29, 2024
@github-actions github-actions bot added the Stale label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core Core Modules help-wanted Help Wanted shiro-2.0.0 Stale
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@lprimak @fpapon @jepsar @jub0bs