Cross domain authentication, ajax request and same origin policy
In cross domain authentication mode, when making an unauthenticated request in handler, after being redirected to the portal, the portal responds with an http/401 code and the "WWW-Authenticate xxx" and "Access-Control-Allow-Origin: *" headers. But the browser fails with "Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’".
- I have commented out the following line https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/blob/v1.9/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm#L1596
- And added the necessary CORS headers to the portal's virtualhost in apache configuration file.
If the portal needs to set the "Access-Control-Allow-Origin" header, maybe using the "trustedDomains" values of the portal parameter would be a good choice?
Thank you very much for your work!
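
The suggestion above, sketched as an added example (not LemonLDAP::NG code and not part of the original post): pick the CORS headers for the portal's 401 response from an allow-list so that a credentialed request gets its own origin back instead of `*`. It assumes `trustedDomains` is a space-separated list of host names in which a leading dot also covers subdomains; the function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample value; the list format is an assumption of this example.
TRUSTED_DOMAINS = "app.example.com .intranet.example.com *"


def origin_is_trusted(origin, trusted_domains):
    """True when the Origin header names a host on the trusted list."""
    if not origin or any(c.isspace() for c in origin):
        return False
    try:
        parts = urlsplit(origin)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # An Origin is scheme://host[:port]; anything more is not an origin.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False
    # A "*" entry never equals a host name, so it is ignored below:
    # a wildcard cannot be combined with credentials.
    for entry in trusted_domains.lower().split():
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def cors_headers(origin, trusted_domains=TRUSTED_DOMAINS):
    """CORS headers to attach to the portal's 401 response."""
    headers = {"Vary": "Origin"}  # stop caches reusing another origin's answer
    if origin_is_trusted(origin, trusted_domains):
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers
```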