From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 19 Mar 2019 12:20:26 +0000 (+0100)
Subject: Do not protect OPTIONS in runner servlet in order to enable CORS
X-Git-Tag: argeo-slc-2.1.16~13
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=31bee85058ca27fe6f5bab38dbc7189a226cd5ed;p=gpl%2Fargeo-slc.git

Do not protect OPTIONS in runner servlet in order to enable CORS
---

diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
index c216d6d59..3af5e73fa 100644
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
@@ -25,6 +25,10 @@ public class RunnerServletContextHelper extends ServletContextHelper {
 			lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
 			lc.login();
 		} catch (LoginException e) {
+			// for CORS
+			// TODO: make it more robust
+			if ("OPTIONS".equals(request.getMethod()))
+				return true;
 			lc = processUnauthorized(request, response);
 			if (lc == null)
 				return false;