Do not protect OPTIONS in runner servlet in order to enable CORS

diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
index c216d6d599b8cf45dcddd25cba07e1ad09fe2c0e..3af5e73facc56ab3b3166e462d354206c4c386f0 100644 (file)
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServletContextHelper.java
@@ -25,6 +25,10 @@ public class RunnerServletContextHelper extends ServletContextHelper {
                        lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response));
                        lc.login();
                } catch (LoginException e) {
+                       // for CORS
+                       // TODO: make it more robust
+                       if ("OPTIONS".equals(request.getMethod()))
+                               return true;
                        lc = processUnauthorized(request, response);
                        if (lc == null)
                                return false;