Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0048402
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POS Hardware Managermajorhave not tried2022-01-14 09:152022-01-14 09:15
ReporteradrianromeroView Statuspublic 
Assigned Toadrianromero 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0048402: Private network access preflight CORS header for the Hardware Manager

DescriptionDue to a new Chrome security policy, the hardware manager must add a new header in its CORS preflight responses allowing private network access.
 
New Chrome policy
https://developer.chrome.com/blog/private-network-access-preflight/ [^]

This header is the following:
Access-Control-Allow-Private-Network: true

Note: as a good practice the hardware manager should not allow all origins as valid callers:
Access-Control-Allow-Origin: *
And prevent this configuring it can be invoked only from Openbravo.
Steps To ReproduceN/A
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2022-01-14 09:15 adrianromero New Issue
2022-01-14 09:15 adrianromero Assigned To => adrianromero
2022-01-14 09:15 adrianromero Triggers an Emergency Pack => No


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker