cas-security-spring-boot-starter

Securing CORS RestAPI

Open lchrennew opened this issue 6 years ago • 1 comments

Hi,

I want to secure my APIs, which are accessed cross-domain, so my expected behavior is (e.g. GET http://my.api/users/me from http://my.web/):

open http://my.web -(fetch API)-> OPTION http://my.api/users/me -> HTTP 200 -> GET /users/me -> HTTP 403 or HTTP 401 -> location.href='http://my.api/login/cas?return_url=http://my.web/' -> http://my.api/login/cas?return_url=http://my.web/ -> HTTP 302 -> cas server

How could I implement this process?

lchrennew, Sep 19 '18 10:09

@lchrennew could you be more precise because I understood that part

OPTION http://my.api/users/me -> HTTP 200 ->
GET /users/me -> HTTP 403 or HTTP 401

but not

->
location.href='http://my.api/login/cas?return_url=http://my.web/' ->
http://my.api/login/cas?return_url=http://my.web/ -> HTTP 302 -> cas server

kakawait, Dec 05 '18 09:12
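The browser side of the flow described in the question, as an added example that is not part of the thread or of the project's code. The hosts, `/users/me`, `/login/cas` and `return_url` are taken from the question; that the API returns 401/403 instead of redirecting, that it honours `return_url`, and the allowlist are assumptions.

```javascript
// Added example: client half of the flow in the question (not project code).
const API_ORIGIN = 'http://my.api';               // from the question
const ALLOWED_RETURN_ORIGINS = ['http://my.web']; // constructed allowlist

// True only for absolute URLs whose origin is on the allowlist. The API
// should apply the same check before redirecting back to return_url,
// otherwise the login endpoint becomes an open redirect.
function isAllowedReturnUrl(returnUrl) {
  try {
    return ALLOWED_RETURN_ORIGINS.includes(new URL(returnUrl).origin);
  } catch (e) {
    return false; // relative or malformed URL
  }
}

// Map an API response status to the top-level navigation target.
// Returns null when no login is needed or the return URL is rejected.
function casLoginRedirect(status, returnUrl) {
  if (status !== 401 && status !== 403) return null;
  if (!isAllowedReturnUrl(returnUrl)) return null;
  const login = new URL('/login/cas', API_ORIGIN);
  login.searchParams.set('return_url', returnUrl); // percent-encoded
  return login.toString();
}

// fetchImpl and navigate are injectable so this also runs outside a browser.
async function getCurrentUser(pageUrl, fetchImpl = fetch,
                              navigate = (u) => { location.href = u; }) {
  // credentials: 'include' sends the API session cookie cross-origin; the
  // API must answer with Access-Control-Allow-Credentials: true and an
  // explicit (non-wildcard) Access-Control-Allow-Origin for this to work.
  const res = await fetchImpl(`${API_ORIGIN}/users/me`, {
    method: 'GET',
    mode: 'cors',
    credentials: 'include',
  });
  const target = casLoginRedirect(res.status, pageUrl);
  if (target) {
    navigate(target); // full-page navigation, so the CAS 302 is not subject to CORS
    return null;
  }
  return res.ok ? res.json() : null;
}
```

The login step is a top-level navigation rather than a `fetch`, because a cross-origin redirect to the CAS server inside `fetch` would be blocked by CORS.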