[ https://issues.apache.org/jira/browse/KYLIN-6056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17930191#comment-17930191 ]

Guoliang Sun commented on KYLIN-6056:
-------------------------------------

h3. Root Cause

The root cause of the issue is that when the browser sends a complex request 
such as POST, it first sends an OPTIONS preflight request to check if the 
server supports cross-origin requests. If supported, the actual POST login 
request will be sent. However, Spring Security intercepts all requests, 
treating the OPTIONS request as one that requires authentication. The key issue 
is that the OPTIONS request cannot carry the `authorization` parameter, 
resulting in a 401 response. From the perspective of the JavaScript console 
errors, the symptom appears to be a cross-origin failure, but the real cause is 
an authorization validation failure. (Note: Since the "Get Projects" API has 
`permitAll` permissions, no authorization issues occur during its validation 
process, making it an ineffective method for testing this problem.)

 
h3. Dev Design

The solution to the above problem is to allow all OPTIONS requests by adding 
the following configuration in `kylinsecur.xml`:
{code:xml}
<scr:intercept-url pattern="/**" method="OPTIONS" access="permitAll"/>
{code}

> Cross-Origin Request Failures Caused by Spring Version Upgrade
> --------------------------------------------------------------
>
>                 Key: KYLIN-6056
>                 URL: https://issues.apache.org/jira/browse/KYLIN-6056
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: 5.0.0
>            Reporter: Guoliang Sun
>            Assignee: Guoliang Sun
>            Priority: Major
>             Fix For: 5.0.2
>
>         Attachments: image-2025-02-25-17-01-48-610.png
>
>
> The BI client accesses via JavaScript cross-origin requests, but even after 
> configuring the cross-origin whitelist, normal access is still not possible. 
> The following errors are reported in the frontend console:
> !image-2025-02-25-17-01-48-610.png|width=556,height=158!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
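
The failure and the fix described in the comment above, as an added example that is not part of the Jira comment or of Kylin's code. It is a simplified model of first-match rule evaluation; the paths, the `/api/**` catch-all rule, the origin and the credential string are constructed assumptions, and "authenticated" is reduced to "an Authorization header is present".

```javascript
// Simplified model (added illustration, not Spring Security code): rules are
// checked in declaration order and the first matching rule decides.
// Constructed rules; the paths and the catch-all are assumptions.
const beforeFix = [
  { pattern: "/api/projects", method: null, access: "permitAll" },
  { pattern: "/api/**", method: null, access: "isAuthenticated()" },
];
const afterFix = [
  { pattern: "/**", method: "OPTIONS", access: "permitAll" }, // rule from the comment
  ...beforeFix,
];

// Minimal Ant-style matcher: exact paths and a trailing "/**" only.
function pathMatches(pattern, path) {
  if (pattern.endsWith("/**")) {
    const prefix = pattern.slice(0, -3);
    return path === prefix || path.startsWith(prefix + "/");
  }
  return pattern === path;
}

// Status the security filter would return for one request.
function filterStatus(rules, req) {
  const rule = rules.find(r =>
    (r.method === null || r.method === req.method) && pathMatches(r.pattern, req.path));
  if (!rule || rule.access === "permitAll") return 200;
  return req.headers.authorization ? 200 : 401; // stand-in for real authentication
}

// Preflight sent before a cross-origin POST: it names the headers the real
// request will use but carries no credentials itself.
function preflightFor(path, origin) {
  return { method: "OPTIONS", path, headers: {
    origin,
    "access-control-request-method": "POST",
    "access-control-request-headers": "authorization,content-type",
  } };
}

// Browser view: the POST is only sent when the preflight succeeded.
function crossOriginPost(rules, path, origin, authorization) {
  const pre = filterStatus(rules, preflightFor(path, origin));
  if (pre !== 200) return { preflight: pre, post: null, console: "CORS error" };
  const post = filterStatus(rules, { method: "POST", path, headers: { origin, authorization } });
  return { preflight: pre, post, console: null };
}
```

In this model the OPTIONS rule only helps because it is declared before the catch-all, and a POST without credentials is still rejected after the fix.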
