Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15809

Update CORS service for IE11 compatibility

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.1, 6.5.2, 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Support Ticket IDs:

      Description

      The CORS service currently outputs multiple Access-Control-Allow-Headers headers, one per allowed header.  While this is technically correct, IE11 expects a single Access-Control-Allow-Headers header with allowed headers as a comma-delimited list:

      https://stackoverflow.com/a/51875204

      Relevant code:

      https://stash.forgerock.org/projects/OPENAM/repos/openam/browse/openam-cors/cors-service/src/main/java/org/forgerock/openam/cors/CorsService.java#247

       

      I confirmed changing to a comma-delimited list of allowed headers works in IE11 on Windows 10 using Fiddler to manipulate the CORS response.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                jared.jensen Jared Jensen
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: