Bypassing authentication for “Options request” (so all headers are sent in the response)

花落未央 2021-01-21 06:06

This is in the context of Cross-origin resource sharing. For the preflight request, the server is not sending the headers set. When a valid cookie is not passed with the "Opti

2 answers
  •  無奈伤痛
    2021-01-21 06:48

    We solved this with a different configuration. Below is the snippet from the myApplication.conf file at /usr/local/apache/conf/extra:

        
          SetEnvIf Request_URI "/healthCheck" REDIRECT_noauth=1
          SetEnvIf Request_Method "OPTIONS" REDIRECT_noauth=1
          AuthType Basic
          AuthName "myService"
          AuthUserFile /usr/local/apache/conf/passwd/passwords
          AuthGroupFile /usr/local/apache/conf/passwd/groups
          Require group GroupName
          Order allow,deny
          Allow from env=REDIRECT_noauth
          Satisfy any
       
    

    So, we can bypass the authentication:

    • Based on a particular URI: in the above example, /healthCheck is bypassed.

    • Based on the HTTP method: in the above example, OPTIONS is bypassed and auth will be prompted for other HTTP methods.

    Hope it helps someone to resolve the issues.
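
The `Order`, `Allow` and `Satisfy` directives in the answer above are Apache 2.2 access-control syntax. The same policy on Apache 2.4 is sketched below as an added example; it is not part of the original answer. It assumes mod_authz_core, mod_authn_file, mod_authz_groupfile and mod_setenvif are loaded, and `<Location "/">` is a placeholder scope, since the answer's enclosing container is not shown.

```apache
# Anchor the pattern: SetEnvIf matches a regular expression, so the
# unanchored "/healthCheck" would also match paths such as
# /private/healthCheckFoo and exempt them from authentication.
SetEnvIf Request_URI "^/healthCheck$" REDIRECT_noauth=1

<Location "/">
    AuthType Basic
    AuthName "myService"
    AuthBasicProvider file
    AuthUserFile /usr/local/apache/conf/passwd/passwords
    AuthGroupFile /usr/local/apache/conf/passwd/groups

    # Replaces "Order allow,deny / Allow from env=... / Satisfy any":
    # the request is authorized if ANY one of these lines matches.
    <RequireAny>
        # CORS preflight requests carry no credentials.
        Require method OPTIONS
        # Unauthenticated health probe, flagged by SetEnvIf above.
        Require env REDIRECT_noauth
        # Every other request needs a valid login in this group.
        Require group GroupName
    </RequireAny>
</Location>
```

With this policy every OPTIONS request is answered without credentials, so whatever handles OPTIONS behind the server should return only the CORS headers and no application data.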
