Juju API calls don't support CORS requests with OPTIONS

Bug #1864517 reported by Jeff Pihach
This bug affects 1 person
Affects: Canonical Juju
Status: Triaged
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

When attempting to discharge a login macaroon over http the preceding OPTIONS call is rejected with a 405. The OPTIONS requests to the login endpoints do not seem to be supported: https://github.com/juju/juju/blob/df7d6fde8fa0a212ef53a5ac24952b0cebcfd864/apiserver/stateauthenticator/locallogin.go#L53

Jeff Pihach (hatch) wrote :

To expand on this, the endpoints need to be able to support CORS requests from the Juju Dashboard.

Richard Harding (rharding) wrote :

We looked and are not sure we need this at the moment. If we go through and support CORS requests with OPTIONS we should look to do this globally in a better fashion. Marking as wishlist and renaming towards total CORS support for now.

summary: - Macaroon discharge endpoint doesn't support OPTIONS
+ Juju API calls don't support CORS requests with OPTIONS
Changed in juju:
status: New → Triaged
importance: Undecided → Wishlist

Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: Wishlist → Low
tags: added: expirebugs-bot

Huw Wilkins (huwshimi) wrote :

This is still an issue for the dashboard. This is to support discharging a login macaroon vs user/pass authentication. There are two reasons this would be good for the Dashboard:

1. At the moment any visit to the dashboard or refreshing the page requires the user to log in again.

2. The dashboard supports adding additional controllers, which requires storing the username and password in local storage; with macaroon auth we wouldn't need to keep hold of the user's creds.
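
The failure in the bug description (a preflight OPTIONS answered with 405) and the suggestion above to handle CORS globally, sketched as an added example that is not part of the thread and not Juju's code. `withCORS`, `postOnly`, the `/login` path and the `https://dashboard.example` origin are hypothetical names; the sample request is constructed. Only exact allowlisted origins are echoed back; any other origin's preflight gets 403 and no CORS headers.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// withCORS (hypothetical, not Juju code) answers preflights for allowlisted origins.
func withCORS(allowed map[string]bool, methods []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		w.Header().Add("Vary", "Origin") // the response differs per origin
		if allowed[origin] {             // echo only exact allowlisted origins
			w.Header().Set("Access-Control-Allow-Origin", origin)
		}
		switch {
		case r.Method != http.MethodOptions || r.Header.Get("Access-Control-Request-Method") == "":
			next.ServeHTTP(w, r) // not a preflight: the wrapped handler decides
		case !allowed[origin]:
			w.WriteHeader(http.StatusForbidden)
		default:
			w.Header().Set("Access-Control-Allow-Methods", strings.Join(methods, ", "))
			w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
			w.WriteHeader(http.StatusNoContent)
		}
	})
}

// postOnly stands in for an endpoint that answers every non-POST method with 405.
var postOnly = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.WriteHeader(http.StatusMethodNotAllowed)
	}
})

// preflight sends a constructed preflight and returns `status "allowed-origin"`.
func preflight(h http.Handler, origin string) string {
	req := httptest.NewRequest(http.MethodOptions, "/login", nil)
	req.Header = http.Header{"Origin": {origin}, "Access-Control-Request-Method": {"POST"}}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return fmt.Sprintf("%d %q", rec.Code, rec.Header().Get("Access-Control-Allow-Origin"))
}

func main() {
	h := withCORS(map[string]bool{"https://dashboard.example": true}, []string{"POST"}, postOnly)
	fmt.Println(preflight(postOnly, "https://dashboard.example"), "|", preflight(h, "https://dashboard.example"))
}
```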
