
JWT plugin also blocks OPTIONS pre-flight messages #2643

Closed
jamestenglish opened this issue Jun 21, 2017 · 5 comments · Fixed by #2744

Comments

@jamestenglish

Summary

Currently the JWT plugin also blocks OPTIONS requests. Many libraries don't give the user the option to specify headers for the OPTIONS pre-flight, i.e. the Angular HTTP module.

Steps To Reproduce

$ curl -k -X OPTIONS https://KONG_URL:8443/API
{"message":"Unauthorized"}

Additional Details & Logs

  • Kong version 0.10.2
  • Operating System centos

Workaround

Currently you append ?jwt=.... to your URLs along with configuring the authorization header, but that makes the URLs super ugly.

@Tieske
Member

Tieske commented Jun 23, 2017

workaround: #1535 (comment)

@jamestenglish
Author

@Tieske Maybe I didn't look closely enough, but can you apply the plugin to all APIs and then remove it for certain APIs (like for OPTIONS)? Ideally we don't want the overhead/risk of having to remember to apply to all new APIs.

@p0pr0ck5
Contributor

p0pr0ck5 commented Jul 9, 2017

@jamestenglish currently there is no negative model for global plugin assignment (e.g., there is no way to apply a plugin to all except n APIs). This doesn't make the workaround noted above any less valid, though :)

@lucastheisen

lucastheisen commented Aug 17, 2017

@p0pr0ck5, just a little clarification on your workaround:

For now, one could workaround this by creating a separate API that forwards to the same upstream, handling only OPTIONS requests, that does not have this plugin enabled.

Does this mean I need to PATCH my original API, limiting its methods to exclude OPTIONS, and then add this additional API, or can I have 2 APIs with the same hosts both serving OPTIONS and one gets prioritized over the other?

--- EDIT ---
After just adding the additional API, it seems to work. However, it would be nice to know a little detail as to which API is chosen to serve a given request... I did not specify any methods on the original so assume it would serve all of them. That means I have 2 APIs that would fit this request... Why is one chosen over the other?

@thibaultcha
Member

it would be nice to know a little detail as to which API is chosen to serve a given request

@lucastheisen Please see the docs https://getkong.org/docs/latest/proxy/

thibaultcha pushed a commit that referenced this issue Oct 5, 2017
PRs #2744 and #2857 implemented the preflight options (for a minor
release). This adds the migrations including defaults (for a
major release).

From #2883
See #2643 #1292 #1535
thibaultcha pushed a commit that referenced this issue Jan 16, 2018
PRs #2744 and #2857 implemented the preflight options (for a minor
release). This adds the migrations including defaults (for a
major release).

From #2883
See #2643 #1292 #1535
thibaultcha pushed a commit that referenced this issue Jan 19, 2018
PRs #2744 and #2857 implemented the preflight options (for a minor
release). This adds the migrations including defaults (for a
major release).

From #2883
See #2643 #1292 #1535
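
As an added illustration (not Kong's code and not written by anyone in this thread), here is a Python sketch of the behaviour the issue asks for: an auth layer that can be told to skip CORS pre-flight requests, which browsers send without an Authorization header. The toggle name `run_on_preflight`, the demo secret and all function names are assumptions of this example; it exempts only OPTIONS requests that carry `Origin` and `Access-Control-Request-Method`, so a bare OPTIONS request is still authenticated.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed sample key, not from the page

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(claims: dict) -> str:
    """Build a constructed HS256 token for the demo requests."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def token_is_valid(token: str) -> bool:
    """Check the HS256 signature only (expiry and claim checks are omitted)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected), parts[2])

def is_cors_preflight(method: str, headers: dict) -> bool:
    """A real pre-flight is OPTIONS plus Origin and Access-Control-Request-Method."""
    names = {k.lower() for k in headers}
    return (method.upper() == "OPTIONS" and "origin" in names
            and "access-control-request-method" in names)

def gateway_auth(method: str, headers: dict, run_on_preflight: bool) -> int:
    """Return the auth layer's verdict: 200 = passed on, 401 = rejected."""
    if not run_on_preflight and is_cors_preflight(method, headers):
        return 200  # no credentials expected; the CORS layer answers this one
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token_is_valid(token):
        return 401
    return 200

if __name__ == "__main__":
    preflight = {"Origin": "https://app.example",  # constructed request
                 "Access-Control-Request-Method": "GET"}
    print(gateway_auth("OPTIONS", preflight, run_on_preflight=True))   # reported behaviour
    print(gateway_auth("OPTIONS", preflight, run_on_preflight=False))  # pre-flight exempted
```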