Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cors allowed headers do not include "Authorization" which is the default headers used with OAuth. #4249

Closed
chicco785 opened this issue Dec 16, 2022 · 6 comments
Closed

Cors allowed headers do not include "Authorization" which is the default headers used with OAuth. #4249

chicco785 opened this issue Dec 16, 2022 · 6 comments
Milestone
3.8.0

Comments

@chicco785
Copy link
Contributor

Could you please add "Authorization" in the list of Cors allowed headers?

fiware-orion/src/lib/rest/HttpHeaders.h

Line 68 in 0dc7718

#define CORS_ALLOWED_HEADERS HTTP_CONTENT_TYPE ", " HTTP_FIWARE_SERVICE ", " HTTP_FIWARE_SERVICEPATH ", " HTTP_NGSIV2_ATTRSFORMAT ", " HTTP_FIWARE_CORRELATOR ", " HTTP_X_FORWARDED_FOR ", " HTTP_X_REAL_IP ", " HTTP_X_AUTH_TOKEN

@fgalan
Copy link
Member

fgalan commented Dec 16, 2022

If you create the pull request for adding it, we can include it in the next release (soon to be frozen ;)

Is this the only point that need to be touched? Please check also documentation.

Finally, don't forget to add the corresponding entry to CHANGES_NEXT_RELEASE file, please.

Thanks!

@fgalan
Copy link
Member

fgalan commented Dec 16, 2022

Btw, could you provide a little more context about the usage? I mean, in which case (architecture, etc.) are you using Orion with a system requiring CORS.

Thanks again!

@chicco785
Copy link
Contributor Author

If you create the pull request for adding it, we can include it in the next release (soon to be frozen ;)

Is this the only point that need to be touched? Please check also documentation.

Finally, don't forget to add the corresponding entry to CHANGES_NEXT_RELEASE file, please.

Thanks!

Not a C developer. Said that, if it's just about adding that to the list, I can do, more complex if I need to develop a test case :)

@chicco785
Copy link
Contributor Author

Btw, could you provide a little more context about the usage? I mean, in which case (architecture, etc.) are you using Orion with a system requiring CORS.

Thanks again!

We have an admin interface, now in front of Orion, we recently added a new authz proxy based on envoy, which by default pass all headers, so the issue popped up.

@fgalan
Copy link
Member

fgalan commented Dec 16, 2022

Not a C developer. Said that, if it's just about adding that to the list, I can do, more complex if I need to develop a test case :)

Do a PR without the test so we can check if something break ;)

Next, maybe just adapting (copy-paste-modify) some of the tests in https://github.com/telefonicaid/fiware-orion/tree/master/test/functionalTest/cases/0501_cors would suffice. Please have a look.

@chicco785 chicco785 mentioned this issue Dec 17, 2022
Open
fgalan added a commit that referenced this issue Dec 19, 2022
@fgalan
Merge pull request #4251 from orchestracities/fix-4249
f0ee2ed 
Add "Authorization" in the list of Cors allowed headers (#4249)
@fgalan fgalan mentioned this issue Dec 19, 2022
Merged
@fgalan fgalan added this to the 3.8.0 milestone Dec 19, 2022
@fgalan
Copy link
Member

fgalan commented Dec 19, 2022

Fixed by PR #4251

@fgalan fgalan closed this as completed Dec 19, 2022
fisuda added a commit to fisuda/fiware-orion that referenced this issue Dec 20, 2022
@fisuda
(JP) ADD doc about "Authorization" in the list of Cors allowed headers (
a513048 
telefonicaid#4249)
fgalan added a commit that referenced this issue Dec 20, 2022
@fgalan
Merge pull request #4253 from fisuda/patch-1
70ef91a 
(JP) ADD doc about "Authorization" in the list of Cors allowed headers (#4249)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.8.0
Development

No branches or pull requests
2 participants
@chicco785 @fgalan