upgrade breaks CORS in sockets.io requests

EsupPortail / esup-otp-api

REST API to send/validate One time passwords

https://www.esup-portail.org/wiki/display/esupotp

MIT License

5 stars 7 forks source link

upgrade breaks CORS in sockets.io requests #12

Closed prigaux closed 1 year ago

prigaux commented 1 year ago

In socket.io 1.x, CORS was enabled by default. Since socket.io 3.x, CORS must be enabled/configured explicitly.

Regression introduced in commit 0314de6c3982ec737aaba9d2027265e705b005a4 "build: upgrade package versions to fix vulnerabilities present in package.json file"

vbonamy commented 1 year ago

So since 0314de6, I understand we have to enable/configure explicitly on CAS server explicitly ? How ? Via apache configuration for example on CAS virtualhost ?

Header add Access-Control-Allow-Origin "esup-otp-api.univ-ville.fr";

would be ok ? Thank you.

prigaux commented 1 year ago

Not on the cas server, it must be done in esup-otp-api to allow to use on cas pages.

vbonamy commented 1 year ago

Thank you for PR #13 I merged it.