[
https://issues.apache.org/jira/browse/YUNIKORN-2967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17897103#comment-17897103
]
Wilfred Spiegelenburg commented on YUNIKORN-2967:
-------------------------------------------------
The tests for this change extend a new file added in YUNIKORN-2965. Waiting for
that change to be committed before opening a PR for this cleanup.
> Cleanup REST response headers
> -----------------------------
>
> Key: YUNIKORN-2967
> URL: https://issues.apache.org/jira/browse/YUNIKORN-2967
> Project: Apache YuniKorn
> Issue Type: Improvement
> Components: core - common
> Reporter: Wilfred Spiegelenburg
> Assignee: Wilfred Spiegelenburg
> Priority: Major
>
> The REST responses set a standard header set on all responses.
> The [RFC|https://datatracker.ietf.org/doc/html/rfc7480#section-5.6] says for
> CORS headers:
> {code:java}
> Use of the Access-Control-Allow-Credentials header field is NOT
> RECOMMENDED.{code}
> We set that header to TRUE, we should not do that.
> All methods are part of all responses in the Access-Control-Allow-Methods
> list. That is not correct, we do not support HEAD and only POST for one. We
> should not set all of these methods, just the GET or POST beside the OPTIONS
> that is supported.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
