[MediaWiki-l] VE blocked by CORS policy of MW SSO

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] VE blocked by CORS policy of MW SSO

WikiMedia General mailing list
Hello,

I'm seeing an issue with VE on a MW system that uses a remote SSO. While MW itself work well with the SSO, VE has the following issue:

* SSO session expires (unknown to the client)
* Client attempts to edit a page using VE
* VE tries to contact the API via javascript
* Server redirect client to SSO for revalidation
* SSO refuses to process request due to the following error - "... blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
* Client gets VE "Something Went Wrong" message

Ref: https://www.mediawiki.org/wiki/Topic:V2qh378y0tj83so8 
* SSO cannot be configured to change CORS policy

Can VE be updated to meet the SSO CORS Policy?

/Rich

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l