[wildfly-dev] Push for CORS in WildFly 8

Darran Lofthouse darran.lofthouse at jboss.com
Tue Dec 10 09:35:20 EST 2013


To get this implemented the first thing we need is some detailed 
analysis of how the Host and Origin headers will be used by different 
browsers for the different distribution approaches we will take for the 
different consoles.

We will need to take into account how this could be affected by proxies 
/ firewalls etc...

Considering the different distribution approaches we will need to 
consider implications for malicious consoles / web pages etc possibly 
from the same source and any options to mitigate this.

But then overall it should be a case of configuration to allow a 
relaxation of the Host / Origin match with acceptable values.

Regards,
Darran Lofthouse.


On 10/12/13 13:17, ssilvert at redhat.com wrote:
> Re: https://issues.jboss.org/browse/WFLY-1014
>
> I'd like to request that we take a harder look at getting WFLY-1014
> done.  This feature allows CORS requests into the HTTP management endpoint.
>
> This would solve two problems:
> 1) The web console must ship with WildFly and must be downloaded from
> the WildFly instance it is talking to.
> 2) No other console is allowed to use the HTTP management endpoint.  So,
> a layered product's console can not control its own subsystem.
>
> Herald gives a nice overview of what this would mean for the Web Console:
> http://hpehl.info/independent-jboss-admin-console.html
>
> It would be very beneficial for other products as well.  Can we get this
> done?
>
> Stan
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>


More information about the wildfly-dev mailing list