Skip to content

/openapi should provider CORS headers #416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rafabene opened this issue Mar 31, 2020 · 7 comments · Fixed by #521
Closed

/openapi should provider CORS headers #416

rafabene opened this issue Mar 31, 2020 · 7 comments · Fixed by #521
Assignees
@Emily-Jiang
Labels
hangout topic
Milestone
MP OpenAPI 3.1

Comments

@rafabene
Copy link

Since CORS support is not mandatory in the specification, I've seen some implementations that doesn't use CORS headers on /openapi.

However, tools like Swagger presents the following error message when consuming a MP application with OpenAPI without CORS headers: "Possible cross-origin (CORS) issue? The URL origin (http://localhost:8080) does not match the page (http://localhost). Check the server returns the correct 'Access-Control-Allow-*' headers."

This issue is to request that CORS headers should be mandatory to enable tools like Swagger-UI to consume /openapi endpoint.
@EricWittmann
Copy link
Contributor

We'll discuss this in the next hangout.

@phillip-kruger
Copy link
Contributor

Quarkus does have it in the vert.x router.

@EricWittmann
Copy link
Contributor

@phillip-kruger confirmed that Quarkus has CORS enabled for the /openapi endpoint but we'll need to double check on Thorntail and WildFly. We discussed this on the call today and we are not convinced that CORS is something the spec should be mandating. So I think we're inclined to close this as rejected, unless @MikeEdgar or @arthurdm (or anyone else) have dissenting opinions.

@MikeEdgar
Copy link
Contributor

I agree, this can be handled in implementations

@tjquinno tjquinno mentioned this issue Apr 17, 2020
Open
@MikeEdgar
Copy link
Contributor

Closing issue. As noted in earlier comments, this is something that will continue to be not included in the specification.

@Emily-Jiang
Copy link
Member

@MikeEdgar I think it will be a good support for CORS header though. @tjquinno what do you think?

@Emily-Jiang
Copy link
Member

@MikeEdgar I reopened this issue for further discussion. If we all think it is not something we should spec, we can then close it.

@Emily-Jiang Emily-Jiang reopened this Feb 28, 2022
Azquelt pushed a commit to Azquelt/microprofile-open-api that referenced this issue Mar 17, 2022
@phillip-kruger
Fix for microprofile#416 - Default in Vert.x when no path is specifie…
f7e6015 
…d is all HTTP Methods.

Signed-off-by:Phillip Kruger <[email protected]>
@Emily-Jiang Emily-Jiang self-assigned this Mar 22, 2022
@Emily-Jiang Emily-Jiang mentioned this issue Mar 22, 2022
Merged
@Azquelt Azquelt added this to the MP OpenAPI 3.1 milestone Jun 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Emily-Jiang Emily-Jiang

Labels
hangout topic
Projects
None yet
Milestone
MP OpenAPI 3.1
Development

Successfully merging a pull request may close this issue.

update spec regarding cors Emily-Jiang/microprofile-open-api
6 participants
@rafabene @EricWittmann @Azquelt @phillip-kruger @Emily-Jiang @MikeEdgar