Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12246

CORS policy is not applied on resources coming from webjars

    Details

    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      Actually XWIKI-11300 strikes again (see screenshot) on xwiki.org.

      From what I see, the CORS policy is not applied on the webjar resources (I don't see "Access-Control-Allow-Origin" in the HTTP headers).
      It seems it has been caused by XWIKI-10881.

      Some errors I see:

      https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-7.1/xwiki-platform-core/xwiki-platform-web/src/main/webapp/WEB-INF/web.xml#L228

      <filter-mapping>
          <filter-name>Set CORS policy for fonts</filter-name>
          <url-pattern>/bin/webjars/*</url-pattern>
      </filter-mapping>
      

      The URL patten has not been updated. It should be /webjars/* (without the /bin part).

      Moreover, it seems we should add

      <dispatcher>FORWARD</dispatcher>
      

      to this filter, according to
      https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-7.1/xwiki-platform-core/xwiki-platform-resource/xwiki-platform-resource-servlet/src/main/java/org/xwiki/resource/servlet/RoutingFilter.java#L150

      this.servletContext.getNamedDispatcher("resourceReferenceHandler").forward(request, response);
      

      But tested on xwiki.org, it actually does not solve the issue.

      Anyway, setting the CORS policy with a filter at web.xml was a temporary solution. Now that we have XWIKI-10881, we might want to implement a filter with the XWiki components.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vmassol Vincent Massol
                Reporter:
                gdelhumeau Guillaume Delhumeau
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: