https://connect.hyland.com/t5/nuxeo-forum/nuxeo-ep-shouldn-t-require-authentication-for-cors-preflight/m-p/315332#M2333 <P>I am unable to make cross-domain requests to Nuxeo's Automation REST service, using jQuery, because the server is requiring that the client authenticate before it will answer the OPTIONS CORS request. I don't think that is valid, the server should not require authentication for CORS preflight requests - this can be achieved in tomcat with something along those lines:</P> <PRE><CODE>&lt;LimitExcept OPTIONS HEAD&gt; Require valid-user &lt;/LimitExcept&gt; </CODE></PRE> <P>Below is a trace that demonstrates the problem, any workaround welcome, jQuery won't proceed upon receving a 401:</P> <PRE><CODE><A href="http://localhost:8083/nuxeo/site/automation/Document.GetChildren" target="test_blank">http://localhost:8083/nuxeo/site/automation/Document.GetChildren</A> OPTIONS /nuxeo/site/automation/Document.GetChildren HTTP/1.1 Host: localhost:8083 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Origin: <A href="http://localhost:8080" target="test_blank">http://localhost:8080</A> Access-Control-Request-Method: GET Access-Control-Request-Headers: authorization Pragma: no-cache Cache-Control: no-cache HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 WWW-Authenticate: Basic realm="Nuxeo Automation" Content-Type: text/html;charset=utf-8 Content-Length: 954 Date: Mon, 22 Oct 2012 10:04:46 GMT </CODE></PRE> Mon, 22 Oct 2012 12:22:16 GMT franck102_ 2012-10-22T12:22:16Z https://connect.hyland.com/t5/nuxeo-forum/nuxeo-ep-shouldn-t-require-authentication-for-cors-preflight/m-p/315332#M2333 <P>I am unable to make cross-domain requests to Nuxeo's Automation REST service, using jQuery, because the server is requiring that the client authenticate before it will answer the OPTIONS CORS request. I don't think that is valid, the server should not require authentication for CORS preflight requests - this can be achieved in tomcat with something along those lines:</P> <PRE><CODE>&lt;LimitExcept OPTIONS HEAD&gt; Require valid-user &lt;/LimitExcept&gt; </CODE></PRE> <P>Below is a trace that demonstrates the problem, any workaround welcome, jQuery won't proceed upon receving a 401:</P> <PRE><CODE><A href="http://localhost:8083/nuxeo/site/automation/Document.GetChildren" target="test_blank">http://localhost:8083/nuxeo/site/automation/Document.GetChildren</A> OPTIONS /nuxeo/site/automation/Document.GetChildren HTTP/1.1 Host: localhost:8083 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Origin: <A href="http://localhost:8080" target="test_blank">http://localhost:8080</A> Access-Control-Request-Method: GET Access-Control-Request-Headers: authorization Pragma: no-cache Cache-Control: no-cache HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 WWW-Authenticate: Basic realm="Nuxeo Automation" Content-Type: text/html;charset=utf-8 Content-Length: 954 Date: Mon, 22 Oct 2012 10:04:46 GMT </CODE></PRE> Mon, 22 Oct 2012 12:22:16 GMT https://connect.hyland.com/t5/nuxeo-forum/nuxeo-ep-shouldn-t-require-authentication-for-cors-preflight/m-p/315332#M2333 franck102_ 2012-10-22T12:22:16Z