Accenture / reactive-interaction-gateway

Create low-latency, interactive user experiences for stateless microservices.
https://accenture.github.io/reactive-interaction-gateway
Apache License 2.0

Send CORS headers after failed Auth on http requests #344

Closed KaWigg closed 3 years ago

KaWigg commented 3 years ago

When authenticating against a secured endpoint in cors mode with wrong credentials, the proxy sends a response send_resp(:unauthorized, "Authentication failed.") without cors headers. Because we started the request as a cors request, the request fails with the current implementation for any client that cares about SOP, giving back a network error with no body. For frontend clients like browsers, this means we can't get a meaningful error message.

Adding the cors headers on failed authentication will give us the opportunity to handle them better in frontend since we get a correct http status and a body to read from.

mmacai commented 3 years ago

@KaWigg, Thanks, I'll take a look.
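
The behaviour reported in this issue, as an added example that is not part of the thread or of the project's code: a simplified model of a gateway response and of the browser's CORS check on it, showing why the 401 is unreadable without CORS headers and readable with them. The origin, token and function names are constructed for illustration; only the "Authentication failed." body comes from the issue, and the preflight is assumed to have succeeded already.

```javascript
// Constructed allow-list: CORS headers are only ever emitted for these origins.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Build CORS response headers for an allow-listed origin; unknown origins get none.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return { "access-control-allow-origin": origin, "vary": "Origin" };
}

// Hypothetical gateway handler. `corsOnAuthFailure: false` models the reported
// behaviour (401 without CORS headers); `true` models the requested behaviour.
function handle(req, { corsOnAuthFailure }) {
  const origin = req.headers.origin;
  const authed = req.headers.authorization === "Bearer valid-token"; // constructed token
  if (!authed) {
    return {
      status: 401,
      headers: corsOnAuthFailure ? corsHeaders(origin) : {},
      body: "Authentication failed.",
    };
  }
  return { status: 200, headers: corsHeaders(origin), body: "ok" };
}

// Simplified browser-side check for a cross-origin request in "cors" mode:
// without a matching Access-Control-Allow-Origin, script sees only a network
// error, with no status and no body, whatever the server actually sent.
function browserView(pageOrigin, res) {
  const acao = res.headers["access-control-allow-origin"];
  if (acao !== pageOrigin && acao !== "*") {
    return { error: "network error", status: null, body: null };
  }
  return { error: null, status: res.status, body: res.body };
}

// Constructed request carrying wrong credentials from the allow-listed origin.
const badLogin = {
  headers: { origin: "https://app.example.test", authorization: "Bearer wrong" },
};

console.log(browserView("https://app.example.test", handle(badLogin, { corsOnAuthFailure: false })));
console.log(browserView("https://app.example.test", handle(badLogin, { corsOnAuthFailure: true })));
```

Keeping the allow-list check on the failure path means an origin that is not trusted still sees only the opaque network error, so the 401 body is exposed no more widely than successful responses are.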