First Last Prev Next    This bug is not in your last search results.
Bug 57048 - Guardian Management API CORS settings do not work
Guardian Management API CORS settings do not work
Status: NEW
Product: UCS
Classification: Unclassified
Component: Guardian
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS@school maintainers
UCS@school maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2024-02-08 15:23 CET by J Leadbetter
Modified: 2024-02-08 15:34 CET (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description J Leadbetter univentionstaff 2024-02-08 15:23:11 CET 
In Guardian Management API 2.0.0, Management UI is installed on a different server from the Management API, it throws a CORS error.

We have an AppCenter setting in the Guardian, guardian-management-api/cors/allowed-origins that is supposed to allow the Management API to set valid CORS origins. However, setting this value does not seem to work. Here are some example strings that were tried:

* `*`
* `http://10.207.90.239,https://10.207.90.239,http://primary.school.test,https://primary.school.test,http://school1.school.test,https://school1.school.test`

Please see [this gitlab issue](https://git.knut.univention.de/univention/components/authorization-engine/guardian/-/issues/216) for screenshots and `univention-app configure` commands used for setup.
First Last Prev Next    This bug is not in your last search results.