[aerogear-dev] [AG-SEC] HttpExceptionMapper and CORS
Sebastien Blanc
scm.blanc at gmail.com
Wed Aug 7 11:58:03 EDT 2013
Hi,
I realized that the HttpExceptionMapper[1] provided by ag-sec do not work
well in a CORS environment when returning a 401 response to the client.
Dan has found the fix by adding CORS headers in the HttpExceptionMapper, we
implemented that in a custom class[2] .
My question is, could we update the HttpExceptionMapper in ag-sec with
these extra headers or does that expose any side effects/risks ?
Or Should we provide just the CORS HttpExceptionMapper variant in ag-sec
based on [2] and document that ?
A JIRA [3] has been created to track this.
Seb
[1]
https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java
[2]
https://github.com/aerogear/aerogear-push-quickstart-backend/blob/master/src/main/java/org/jboss/aerogear/aerodoc/rest/CorsExceptionHandler.java
[3] https://issues.jboss.org/browse/AGSEC-98
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130807/373cf6b9/attachment.html
More information about the aerogear-dev
mailing list