Skip authentication for rest OPTIONS call

this is required by CORS for unauthenticated pre-flight OPTIONS requests Closes elastic/elasticsearch#234 Original commit: elastic/x-pack-elasticsearch@c368b2cf27
2014-10-22 06:07:16 +02:00 · 2014-10-22 06:07:16 +02:00 · fa48c46813
parent 3d71356596
commit fa48c46813
1 changed files with 6 additions and 1 deletions
--- a/src/main/java/org/elasticsearch/shield/SecurityFilter.java
+++ b/src/main/java/org/elasticsearch/shield/SecurityFilter.java
@ -129,7 +129,12 @@ public class SecurityFilter extends AbstractComponent {

        @Override
        public void process(RestRequest request, RestChannel channel, RestFilterChain filterChain) throws Exception {
-            filter.authenticate(request);
+
+            // CORS - allow for preflight unauthenticated OPTIONS request
+            if (request.method() != RestRequest.Method.OPTIONS) {
+                filter.authenticate(request);
+            }
+
            filterChain.continueProcessing(request, channel);
        }
    }