Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuring of CORS allow origin headers #456

Open
indy-independence opened this issue Feb 19, 2024 · 1 comment
Open

Allow configuring of CORS allow origin headers #456

indy-independence opened this issue Feb 19, 2024 · 1 comment

Comments

@indy-independence
Copy link

Code Version

running satosa in docker, with SATOSA oidcop frontend

Expected Behavior

Have a way to configure CORS allowed origins, for example in keycloak they seem to call it "Web Origins" and it's configured per client

Current Behavior

When making requests to for example openid-configuration or userinfo endpoint from a react SPA, requests are blocked because there is no Access-Control-Allow-Origin headers in the response, and I can't find a way to configure this in satosa

Possible Solution

New configurations and/or documentation?

Steps to Reproduce
@c00kiemon5ter
Copy link
Member

Right now this functionality is offloaded to the frontend web-server that you are probably already using (ie, nginx). There you can define properly what headers should be returned for a specific request.

I do not reject implementing this but it is definitely not a priority, and it brings in the question "how many other things that a web-server does should be part of the configuration of this app?".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@c00kiemon5ter @indy-independence