Kevin Rise created GUACAMOLE-1839:
-------------------------------------
Summary: JSON auth should set 'Access-Control-Allow-Origin = *'
Key: GUACAMOLE-1839
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1839
Project: Guacamole
Issue Type: Bug
Components: guacamole-auth-json
Affects Versions: 1.5.2
Reporter: Kevin Rise
Setup:
* Guacamole/guacd: 1.5.2, Docker versions
* Browser: Chrome & Firefox (latest)
I'm trying to use the JSON auth and running into a problem where after doing
the POST to '<guacamole>/api/tokens' the response (that contains the required
login token) is getting blocked due to CORS. Everything works fine otherwise,
I can even see the log entry in Guacamole that the login was successful. But
the browser is blocking the response due to CORS.
I've got a javascript app (Vue if it matters) running in the browser making the
POST call.
What I think should happen (and admitting I'm not an expert in CORS) is that
the response to the POST call should set the 'Access-Control-Allow-Origin = *'
header in the response to allow the browser to let my app see the response.
I've tried a few simple tests, like using Chrome plugins to either 1) disable
CORS checks or 2) set the 'Access-Control-Allow-Origin = *' header in the POST
response, and both "fix" the problem.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
