Steven Tippetts created CXF-4615:
------------------------------------
Summary: OAuthRequestFilter.java should ignore HTTP OPTIONS verb
Key: CXF-4615
URL: https://issues.apache.org/jira/browse/CXF-4615
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 2.7.0, 2.6.2
Reporter: Steven Tippetts
Priority: Critical
In handleRequest of OAuthRequestFilter.java at line 54 something similar to the
following should be added:
if (((String)m.get(Message.HTTP_REQUEST_METHOD)).equals("OPTIONS")) return null;
This will skip any HTTP OPTIONS verb requests. I'm getting the OPTIONS verb
request when using an OAuth 2 javascript client.
I haven't found a way in the configuration to specify that OPTIONS requests
should skip this filter.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
