Skip to content

Improved: Add CORS origins configuration for API security policy (OFBIZ-13377)#1034

Merged
gsperi merged 1 commit into
apache:trunkfrom
golja:fix-cors
Mar 30, 2026
Merged

Improved: Add CORS origins configuration for API security policy (OFBIZ-13377)#1034
gsperi merged 1 commit into
apache:trunkfrom
golja:fix-cors

Conversation

@golja

@golja golja commented Mar 26, 2026

Copy link
Copy Markdown
Contributor

This PR is related to the issue raised by @gsperi on the dev-list on March 23, 2026 (subject: "rest-api plugin and CORS filter") regarding incorrect management of CORS origins in the rest-api plugin.

To address the issue, this PR:

  • introduces the new property cors.origins.allowed in security.properties, allowing the list of permitted origins to be specified;
  • adds the new method getCorsOriginsAllowed() to UtilMisc to retrieve the list of allowed origins from cors.origins.allowed.

@jacopoc

jacopoc commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

It looks good to me.
@gsperi if you feel comfortable you can merge this pull request (and the one for ofbiz-plugins that depends on this).

@gsperi

gsperi commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

It looks good to me. @gsperi if you feel comfortable you can merge this pull request (and the one for ofbiz-plugins that depends on this).

@jacopoc do you usually "Squash and merge" or "Rebase and merge"?

@jacopoc

jacopoc commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

@gsperi I usually prefer to "Rebase and merge" in order to preserve the original commits of the author, if they are clean and they follow our guidelines, as it is the case for these two pull requests.

@gsperi

gsperi commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

@gsperi I usually prefer to "Rebase and merge" in order to preserve the original commits of the author, if they are clean and they follow our guidelines, as it is the case for these two pull requests.

Ok, clear. I'll proceed with Rebase and Merge. Thank you Jacopo.

@gsperi gsperi merged commit e44355a into apache:trunk Mar 30, 2026
5 checks passed
@golja golja changed the title Improved: Add CORS origins configuration for API security policy Improved: Add CORS origins configuration for API security policy (OFBIZ-13377) Mar 30, 2026
@golja golja deleted the fix-cors branch April 7, 2026 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants