Need to return 200 on OPTIONS for AuthType auth-openidc when session cookie not available #647

abg35 · 2021-08-17T17:39:20Z

abg35
Aug 17, 2021

When the AuthType is oauth20, the module returns a 200 when it receives an OPTIONS request, since OPTIONS requests do not send the Authorization header.

However, when the AuthType is auth-openidc, an OPTIONS request is unauthorized unless there is an OIDC session cookie. This means that the auth-openidc AuthType doesn't work for cors, since many browsers first send the OPTIONS request. Requesting that for OPTIONS request with auth-openidc, it also returns a 200, or that it can be configured to do so.

zandbelt · 2021-09-03T20:14:55Z

zandbelt
Sep 3, 2021
Maintainer

sorry it took a while to get to this, but this is now addressed in c675949

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Need to return 200 on OPTIONS for AuthType auth-openidc when session cookie not available #647

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Need to return 200 on OPTIONS for AuthType auth-openidc when session cookie not available #647

Uh oh!

Uh oh!

abg35 Aug 17, 2021

Replies: 1 comment

Uh oh!

zandbelt Sep 3, 2021 Maintainer

abg35
Aug 17, 2021

zandbelt
Sep 3, 2021
Maintainer