istSOS / istsos2

Easily manage your sensor network and distribute your data in a standard way
Other
16 stars 30 forks source link

OPTIONS HTTP request may not ask for autorization headers #83

Open TheoLechemia opened 1 year ago

TheoLechemia commented 1 year ago

Hello,

As I mentionned in the IstSOS google group we have developped a small frontend to see sensors and plot their data based on the istSOS API : https://groups.google.com/g/istsos/c/YIl6tFgs7So Everything work well until we put serve our application behind a domain (different that the istSOS one) ang got CORS issues. Our istSOS is protected by the HTTP Basic Authentication following the dedicated doc, but the istSOS always check the authentification, even for OPTIONS request (which it looks like to be not standard : https://fetch.spec.whatwg.org/#http-responses) I had to "hack" a little bit my Apache conf to manage this issue :

SetEnvIf Request_Method "OPTIONS" noauth=1
        <RequireAny>
            Require env noauth
            Require valid-user
        </RequireAny>

but maybe it would better to do it at the application level. I could propose a pull request if you aggree with this evolution ?

Thank you