Hi,
I realized that the HttpExceptionMapper[1] provided by ag-sec does not work
well in a CORS environment when returning a 401 response to the client.
Dan has found the fix by adding CORS headers in the HttpExceptionMapper; we
implemented that in a custom class[2].
My question is, could we update the HttpExceptionMapper in ag-sec with
these extra headers, or does that expose any side effects/risks?
Or should we provide just the CORS HttpExceptionMapper variant in ag-sec
based on [2] and document that?
A JIRA [3] has been created to track this.
Seb
[1] https://github.com/aerogear/aerogear-security/blob/master/src/main/java/o...
[2] https://github.com/aerogear/aerogear-push-quickstart-backend/blob/master/...
[3] https://issues.jboss.org/browse/AGSEC-98