Open lchrennew opened 5 years ago
@lchrennew could you be more precise because I understood that part
OPTION http://my.api/users/me -> HTTP 200 ->
GET /users/me -> HTTP 403 or HTTP 401
but not
->
location.href='http://my.api/login/cas?return_url=http://my.web/' ->
http://my.api/login/cas?return_url=http://my.web/ -> HTTP 302 -> cas server
Hi,
I want to securing my APIs which are accessed cross domain, so my expected behavior is(e.g.
GET http://my.api/users/me
fromhttp://my.web/
):open http://my.web -(fetch API)->
OPTION http://my.api/users/me
->HTTP 200
->GET /users/me
->HTTP 403
orHTTP 401
->location.href='http://my.api/login/cas?return_url=http://my.web/'
->http://my.api/login/cas?return_url=http://my.web/
->HTTP 302
-> cas serverHow could I implement this process?