Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12246

CORS policy is not applied on resources coming from webjars

    XMLWordPrintable

Details

    • Unknown
    • N/A
    • N/A

    Description

      Actually XWIKI-11300 strikes again (see screenshot) on xwiki.org.

      From what I see, the CORS policy is not applied on the webjar resources (I don't see "Access-Control-Allow-Origin" in the HTTP headers).
      It seems it has been caused by XWIKI-10881.

      Some errors I see:

      https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-7.1/xwiki-platform-core/xwiki-platform-web/src/main/webapp/WEB-INF/web.xml#L228

      <filter-mapping>
          <filter-name>Set CORS policy for fonts</filter-name>
          <url-pattern>/bin/webjars/*</url-pattern>
      </filter-mapping>
      

      The URL patten has not been updated. It should be /webjars/* (without the /bin part).

      Moreover, it seems we should add

      <dispatcher>FORWARD</dispatcher>
      

      to this filter, according to
      https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-7.1/xwiki-platform-core/xwiki-platform-resource/xwiki-platform-resource-servlet/src/main/java/org/xwiki/resource/servlet/RoutingFilter.java#L150

      this.servletContext.getNamedDispatcher("resourceReferenceHandler").forward(request, response);
      

      But tested on xwiki.org, it actually does not solve the issue.

      Anyway, setting the CORS policy with a filter at web.xml was a temporary solution. Now that we have XWIKI-10881, we might want to implement a filter with the XWiki components.

      Attachments

        1. bug.png
          16 kB
          Guillaume Delhumeau

        Issue Links

          Activity

            People

              vmassol Vincent Massol
              gdelhumeau Guillaume Delhumeau
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: