New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[management-ui] allow cors 'X-Recaptcha-Token' header by default #3676
Comments
jhaeyaert
added a commit
to gravitee-io/gravitee-management-webui
that referenced
this issue
May 1, 2020
jhaeyaert
added a commit
to gravitee-io/gravitee-management-rest-api
that referenced
this issue
May 1, 2020
brasseld
pushed a commit
to gravitee-io/gravitee-management-rest-api
that referenced
this issue
May 4, 2020
brasseld
pushed a commit
to gravitee-io/gravitee-management-webui
that referenced
this issue
May 4, 2020
aelamrani
added a commit
to gravitee-io/gravitee-management-rest-api
that referenced
this issue
May 18, 2020
* chore(): Prepare next version * fix(audits): add api events fix gravitee-io/issues#2883 * chore(): Prepare next version * fix: Platform dashboard rights not correctly handled for widget response status fix gravitee-io/issues#2868 * fix: When deleting an API, its pages should be also deleted fix gravitee-io/issues#2844 * fix(swagger): Add documentation for analytics API Closes gravitee-io/issues#2914 * fix(group): A group can be associated to existing APIs and or Apps Closes gravitee-io/issues#2253 * fix(view): Do not update view's picture when re-ordering Closes gravitee-io/issues#2909 * feat(services): Add a user-agent header for all services requests fix gravitee-io/issues#2854 * fix(api): add controls on api creation and update fix gravitee-io/issues#2938 * release(1.25.16) * chore(): Prepare next version * chore: Update node dependency Closes gravitee-io/issues#2963 * fix(prometheus): register HC service only on Prometheus fix gravitee-io/issues#2979 * fix(oauth): log user mapping error in warning fix gravitee-io/issues#2973 * fix(quality-rules): do not require read access to get all quality rules fix gravitee-io/issues#2984 * fix(analytics): Do not handle API and application with value '1' as deleted. Closes gravitee-io/issues#2987 * feat(http): Add support for PKCS12 for HTTP server Closes gravitee-io/issues#2978 * fix(analytics): replace '1' to '?' in analytics response fix gravitee-io/issues#2988 * release(1.25.17) * chore(): Prepare next version * fix: Do not log message when a field is not mapped on an identity provider Closes gravitee-io/issues#3016 * fix(email): do not throw error if email is disabled fix gravitee-io/issues#3035 * doc: Add doc on how to add email on a user inmemory Closes gravitee-io/issues#2590 * fix(email): do not send email if no recipient fix gravitee-io/issues#3038 * release(1.30.1) * chore(): Prepare next version * fix(gravitee.bat): wrong comment syntax fix gravitee-io/issues#3050 * feat(metadata): add EL support for the "email-support" API metadata closes gravitee-io/issues#3049 * fix(api): delete memberships and notifications on delete fix gravitee-io/issues#2711 * fix(ut): ApiService_DeleteTest ApplicationService_ArchiveTest * release(1.25.18) * chore(): Prepare next version * fix(management): the enums not case-insensitive when an api is imported Closes gravitee-io/issues#2995 * fix(logs): escape reserved words during research fix gravitee-io/issues#3070 * release(1.25.19) * chore(): Prepare next version * release(1.30.2) * chore(): Prepare next version * release(1.25.20) * chore(): Prepare next version * fix: The configuration of an email on a user (in memory) does not work Closes gravitee-io/issues#3103 * fix: Error trying to import API with primary owner without email Closes gravitee-io/issues#3104 * fix(configuration): define sensitive data that cannot be seen outside the service fix gravitee-io/issues#3082 * feat(application): display complete request URI in the application log detail closes gravitee-io/issues#3107 * feat(maintenance): add a maintenance mode for the ui and api fix gravitee-io/issues#3124 * fix(subscription): update subscription ending date fix gravitee-io/issues#3149 * fix(apikey): expire date cannot ended after subscription fix gravitee-io/issues#3153 * fix(management) API documentation import preserves folders structure Fixes gravitee-io/issues#3129 * release(1.25.21) * chore(): Prepare next version * fix(pages) allow non admin to administrate portal pages fix gravitee-io/issues#3174 * fix(analytics): report issues#3113 in default widgets * release(1.30.3) * chore(): Prepare next version * fix(config): Bad defautl value for HTTP proxy Closes gravitee-io/issues#3221 * fix(group): Reverse newly created entity and mapped entity Closes gravitee-io/issues#3171 * feat(instance): Add instances filtering capabilities to avoid loading large set of data Closes gravitee-io/issues#3222 * fix: Missing informations on email template for expired api-key * fix(oauth): Add a state while doing oauth authentication Closes gravitee-io/issues#3231 * fix(permission): Group permissions are merged with user permissions Closes gravitee-io/issues#3238 * fix: Cors request considered as "Deleted Application" Closes gravitee-io/issues#3228 * fix: Log unknown path for unknown APIs Closes gravitee-io/issues#3195 * fix(container): Move JUL logs to SLF4j Closes gravitee-io/issues#3229 * feat(idp): add firstname and lastname support for inmemory users closes gravitee-io/issues#3234 * feat(user): Add a flag to indicate that the user is PO Closes gravitee-io/issues#2425 * release(1.25.22) * chore(): Prepare next version * feat(swagger): Set server URLs depending on the entrypoints of the API Closes gravitee-io/issues#3246 * release(1.30.4) * chore(): Prepare next version * Fix typo on configuration of proxy type * fix: fail to parse Swagger page with dynamic freemarker values Closes gravitee-io/issues#3259 * feat(logs): Provide a way to consult API logs from platform dashboard Closes gravitee-io/issues#3233 * release(1.30.5) * chore(): Prepare next version * fix: Some users are wrongly flagged as primary owners Closes gravitee-io/issues#3273 * fix(application): do not log in error a missing PO on a archived app fix gravitee-io/issues#3273 * fix: Manual unlocking of detailed logging limitation Closes gravitee-io/issues#3282 * fix: Use the correct log lever for errors on token exchange Closes gravitee-io/issues#3267 * feat(swagger): Servers in descriptor are based on API entrypoints Closes gravitee-io/issues#3277 * fix: Direct members permissions are not well merged with group permissions Closes gravitee-io/issues#3315 * fix(): improve the rest-api swagger documentation fix gravitee-io/issues#3230 * fix(users): display name show 'null' value if firstname or lastname is null fixes gravitee-io/issues#3313 * fix(api): export API metadata fixes gravitee-io/issues#3314 * fix(doc): remove List example in the rest-api swagger definition * chore: Resolve swagger model type * chore: Remove swagger2markup as it is covered with Redoc * release(1.25.23) * chore(): Prepare next version * fix(api): Quality score is set to 0 if no custom rules has been validated Closes gravitee-io/issues#3325 * fix(application): Set the client_id when updating a DCR application Closes gravitee-io/issues#3180 * feat(dictionary): Provide support HTTP headers Closes gravitee-io/issues#3296 * fix: When updating the view name, the label is not correct on the API's cards fix gravitee-io/issues#3279 * feat(policy): Policies can be extracted from Swagger Closes gravitee-io/issues#3298 * feat(alert): Add alert history Closes gravitee-io/issues#3185 * fix(pages): do not override fetcher configuration while fetching pages fixes gravitee-io/issues#3342 * feat(alert): Upgrade node dependencies to add support for alert on node healthcheck metrics Closes gravitee-io/issues#3118 * fix(api): Add default context-path to API entity Closes gravitee-io/issues#3356 * fix(analytics): add order metadata to group_by response to be able to sort data on the UI side fixes gravitee-io/issues#3350 * feat(page): Add an option to render swagger server according to the entrypoint path Closes gravitee-io/issues#3359 * fix(logs): Manage unknown API Closes gravitee-io/issues#3349 * fix: missing license header * fix(subscription): Api-key without expiration date are well managed Closes gravitee-io/issues#3362 * release(1.30.6) * chore(): Prepare next version * release(1.30.7) * chore(): Prepare next version * fix: Support email message is displaying html elements Closes gravitee-io/issues#3398 * fix(logging): Plug Java Util Logging (JUL) to SLF4J Closes gravitee-io/issues#3360 * release(1.25.24) * fix: Metadata are not well imported while creating or updating an API Closes gravitee-io/issues#3409 * fix: Entrypoints are incorrect in case of virtual hosting configuration Closes gravitee-io/issues#3404 * fix: Error on top path column name fix gravitee-io/issues#3411 * release(1.30.8) * chore(): Prepare next version * fix(apikey): save paused subscriptions fix gravitee-io/issues#3520 * fix(swagger): keep the swagger config on api update from swagger fix gravitee-io/issues#3518 * fix(user): do not fail if default app is enabled but simple App with DCR is disabled fix gravitee-io/issues#3523 * fix(subscriptions): search subscriptions by api-key with many applications fixes gravitee-io/issues#3346 * fix(oidc-idp): map emailRequired property from gravitee.yml file fixes gravitee-io/issues#3597 * fix: Allows to override virtual host with entrypoints fix gravitee-io/issues#3626 * feat(memberhsip): Manage automatic membership mappings for identity providers Closes gravitee-io/issues#1698 * fix(view): Default ALL view must have a key Closes gravitee-io/issues#3636 * fix(UT): SubscriptionService + ApiService_ExportAsJsonTest * chore(): upgrade parent to fix gpg error * release(1.30.9) * chore(): Prepare next version * feat(messages): allow to optionally define whitelist url for post message Closes gravitee-io/issues#3638 * fix: Add upport for CSRF / upgrade nimbus + upgrade java-jwt Closes gravitee-io/issues#3634 * fix(image): Image format and content are validated against XSS attacks Closes gravitee-io/issues#3648 * fix(api): improve filtering of api data Closes gravitee-io/issues#3644 * fix(user): Check the email and password during registration Closes gravitee-io/issues#3656 * chore(dependencies): upgrade dependencies spring 5.1.3 -> 5.2.5 spring-security 5.1.5 -> 5.2.5 jersey 2.29 -> 2.30.1 jetty 9.4.20 -> 9.4.28 freemarker 2.3.28 -> 2.3.30 guava 20.0 -> 29.0-jre json-path 2.3.0 -> 2.4.0 snakeyaml 1.18 -> 1.26 jackson 2.9.8 -> 2.10.3 json-schema-validator 2.2.8 -> 2.2.13 swagger-jersey-jaxrs 1.5.23 -> 1.6.1 jersey-spring4 -> jersey-spring5 java-jwt 2.2.1 -> 3.10.2 Closes gravitee-io/issues#3652 * feat(page): allow to optionally sanitize page content Closes gravitee-io/issues#3637 * feat(import): add ability to whitelist urls or disable import from private host Closes gravitee-io/issues#3657 * feat(csrf): allow to optionally enable csrf protection Closes gravitee-io/issues#3663 * feat(captcha): add captcha protection if feature is enabled Closes gravitee-io/issues#3655 * fix(user): Do not search on email domain Closes gravitee-io/issues#3665 * feat(csrf): handle csrf cross-domain Closes gravitee-io/issues#3662 * fix(csrf): handle csrf cross-domain Closes gravitee-io/issues#3662 * feat(captcha): add captcha on login Closes gravitee-io/issues#3655 * fix(import): security value for plan data can be filled in lowercase Closes gravitee-io/issues#3402 * refactor: export api with enum vales in lowercase Closes gravitee-io/issues#3406 * X-Forwarded headers fix for ports Closes: gravitee-io/issues#3641 * fix(csrf): set http-only on csrf cookie Closes gravitee-io/issues#3673 * chore: Upgrade netty dependency Closes gravitee-io/issues#3679 * feat(captcha): allow cors 'X-Recaptcha-Token' header by default Closes gravitee-io/issues#3676 * chore: Upgrade gravitee-node dependency Closes gravitee-io/issues#3419 * fix(command): do not fetch indexable source if the action is a delete one fixes gravitee-io/issues#3574 * fix: Fail to save a Client registration config fix gravitee-io/issues#3617 * release(1.30.10) Co-authored-by: Gravitee.io Bot <contact@gravitee.io> Co-authored-by: Nicolas Géraud <nicolas.geraud@gmail.com> Co-authored-by: Azize Elamrani <azize.elamrani@gmail.com> Co-authored-by: David BRASSELY <brasseld@gmail.com> Co-authored-by: Titouan COMPIEGNE <titouan.compiegne@gmail.com> Co-authored-by: Guillaume Gillon <guillaume.gillon@gmail.com> Co-authored-by: Florent CHAMFROY <florent.chamfroy@graviteesource.com> Co-authored-by: RomsDev <tabaryr@gmail.com> Co-authored-by: Guillaume Cusnieux <guillaume.cusnieux@graviteesource.com> Co-authored-by: Zdenek Obst <zdenek.obst@gmail.com>
aelamrani
added a commit
to gravitee-io/gravitee-management-webui
that referenced
this issue
May 18, 2020
* chore(): Prepare next version * chore(): Prepare next version * fix(page): edit a page by importing a file fix gravitee-io/issues#2896 * fix(api-card): logo pops up to the side if too large fix gravitee-io/issues#2113 * fix(logs): display multiple headers with the same name fix gravitee-io/issues#2890 * fix(dictionary): Setup pagination for dictionary's properties Closes gravitee-io/issues#2846 * fix(users): Keep the last page / query when going back to users management Closes gravitee-io/issues#2897 * fix(group): A group can be associated to existing APIs and or Apps Closes gravitee-io/issues#2253 * fix(api): add controls on api creation and update fix gravitee-io/issues#2938 * fix(documentation): Add a spinner when the documentation is loading fix gravitee-io/issues#1968 * fix(settings): saved settings modifications in the current Constants obj fix gravitee-io/issues#2968 * release(1.25.16) * chore(): Prepare next version * fix(analytics): do not allow navigation between api's and application's analytics fix gravitee-io/issues#2986 * release(1.25.17) * chore(): Prepare next version * fix: Unable to reset user password from link Closes gravitee-io/issues#2957 * release(1.30.1) * chore(): Prepare next version * fix(logging.editor): generate a more tolerant condition for tables fix gravitee-io/issues#3047 * fix(api-header): tags and views overflows under the sticky navbar fix gravitee-io/issues#3053 * feat(metadata): add EL support for the "email-support" API metadata closes gravitee-io/issues#3049 * fix(cors): add a warning when allow all origin fix gravitee-io/issues#3055 * feat(chips): create chip when the user leave the input fix gravitee-io/issues#3062 * release(1.25.18) * chore(): Prepare next version * fix: Cannot remove an item on the widget status (pie) Closes gravitee-io/issues#3089 * fix(logs): escape reserved words during research fix gravitee-io/issues#3070 * release(1.25.19) * chore(): Prepare next version * release(1.30.2) * chore(): Prepare next version * release(1.25.20) * chore(): Prepare next version * fix(analytics): be more specific between analytics and latency fix gravitee-io/issues#3113 * fix(cors): add more help on the CORS configuration fix gravitee-io/issues#3133 * feat(application): display complete request URI in the application log detail closes gravitee-io/issues#3107 * feat(maintenance): add a maintenance mode for the ui and api fix gravitee-io/issues#3124 * fix(subscription): update subscription ending date fix gravitee-io/issues#3149 * fix(apikey): expire date cannot ended after subscription fix gravitee-io/issues#3153 * release(1.25.21) * chore(): Prepare next version * fix(api): display the 'DUPLICATE' button only if you're allowed to create an API fix gravitee-io/issues#3175 * fix(alert): Form can be updated as soon as a notification is removed Closes gravitee-io/issues#3162 * feat(analytics): Add the remote-address field as part of the widgets Closes gravitee-io/issues#3121 * fix: Unable to reset user password from link with force login setting Closes gravitee-io/issues#2957 * chore: Upgrade node/npm modules Closes gravitee-io/issues#3207 * release(1.30.3) * chore(): Prepare next version * feat(instance): Add instances filtering capabilities to avoid loading large set of data Closes gravitee-io/issues#3222 * fix(oauth): Save the redirect uri to a state with a nonce and redirect to it post auth Closes gravitee-io/issues#3231 * fix(analytics): Show me gridster ! * fix: Widget timeline does not display the API names correctly Closes gravitee-io/issues#3205 * fix(ui): fix scrollbar-x functionality when it's above pagination widget table element fixes gravitee-io/issues#3243 * fix: Better display on tooltip when too much data to display on a line chart Closes gravitee-io/issues#3244 * fix(ui): the navbar disappeared when scrolling down the page and clicking on the user menu fixes gravitee-io/issues#1823 * feat(user): Add a PO badge to user Closes gravitee-io/issues#2425 * feat(ui): associate sharding tags - entry points in API Portal Header closes gravitee-io/issues#3239 * release(1.25.22) * chore(): Prepare next version * fix(plan): Under certain circumstances, security definition must be parsed twice Closes gravitee-io/issues#3242 * release(1.30.4) * chore(): Prepare next version * fix(api): add missing entry points API header fixes gravitee-io/issues#3260 * fix: Better display on tooltip when too much data to display on a line chart Closes gravitee-io/issues#3244 * fix: Paging functionality of widgets in the dashboards not working Closes gravitee-io/issues#3263 * feat(logs): Provide a way to consult API logs from platform dashboard Closes gravitee-io/issues#3233 * fix: Metadata cannot be deleted when value is too long Closes gravitee-io/issues#3266 * release(1.30.5) * chore(): Prepare next version * Changing help and notify icon color to be visible For now, those two icon color are too closed to the background color and are not visible. it's a proposition about having more visible icons * fix(view): be able to only update view visibility fixes gravitee-io/issues#3255 * fix: Allows to define all policies at the plan's level Closes gravitee-io/issues#3280 * fix(logs): wildcard search on API path field fixes gravitee-io/issues#3256 * feat(swagger): Swagger server can be based on API entrypoints Closes gravitee-io/issues#3277 * fix(api): API Entry Points portal headers should not be truncated fixes gravitee-io/issues#3312 * fix: Make clearer the group's selection on a plan or a page Closes gravitee-io/issues#3281 * fix(api): export API metadata fixes gravitee-io/issues#3314 * release(1.25.23) * chore(): Prepare next version * feat(dictionary): Provide support HTTP headers Closes gravitee-io/issues#3296 * fix(oauth): State parameter must be generated even for direct authentication (no login form) Closes gravitee-io/issues#3329 * fix: When updating the view name, the label is not correct on the API's cards fix gravitee-io/issues#3279 * feat(policy): Select policies to create when importing a Swagger descriptor Closes gravitee-io/issues#3298 * feat(alert): Add alert history Closes gravitee-io/issues#3185 * feat(alert): Add support to create triggre rules based on node healthcheck probes Closes gravitee-io/issues#3118 * fix(analytics): be able to filter on unknown app fixes gravitee-io/issues#3345 * fix(log): Add more options to filter on response-time Closes gravitee-io/issues#3358 * fix(analytics): add orderBy metadata.order to sort values on the data-table widget fixes gravitee-io/issues#3350 * feat(page): Add an option to render swagger server according to the entrypoint path Closes gravitee-io/issues#3359 * fix(logs): Manage unknown API and allow to filter by unknown API|App Closes gravitee-io/issues#3349 * fix(response_template): Template can be viewable with read permission Closes gravitee-io/issues#3331 * chore: Fix license header * fix(analytics): USe the right syntax for ES query string Closes gravitee-io/issues#3369 * fix(documentation): be able to navigate inside a subfolder fix gravitee-io/issues#3375 * feat(alert): Alert for all APIs can be setup at the platform level Closes gravitee-io/issues#3335 * release(1.30.6) * chore(): Prepare next version * release(1.30.7) * chore(): Prepare next version * fix(portal): enable LogIn button on first load fix gravitee-io/issues#3355 * fix: plus button override clickable elements Closes gravitee-io/issues#3081 * release(1.25.24) * fix: Entrypoints are incorrect in case of virtual hosting configuration Closes gravitee-io/issues#3404 * fix: Unable to filter analytics on paths fix gravitee-io/issues#3410 * release(1.30.8) * chore(): Prepare next version * fix(alert): update metrics when changing a rule fix gravitee-io/issues#3514 * fix: Allows to override virtual host with entrypoints fix gravitee-io/issues#3626 * feat(memberhsip): Manage automatic membership mappings for identity providers Closes gravitee-io/issues#1698 * fix: Filters are not correctly synched fix gravitee-io/issues#3445 * chore(): upgrade parent to fix gpg error * release(1.30.9) * chore(): Prepare next version * fix(theme): Fallback to default theme if the custom one does not exist Closes gravitee-io/issues#3658 * fix(resetPassword): add a translation to help users fix gravitee-io/issues#3656 * feat(captcha): add captcha protection if feature is enabled Closes gravitee-io/issues#3655 * feat(csrf): handle csrf cross-domain Closes gravitee-io/issues#3662 * fix(csrf): handle csrf cross-domain Closes gravitee-io/issues#3662 * feat(captcha): add captcha on login and renew captcha when needed Closes gravitee-io/issues#3655 * feat(dependencies): bum jquery version to 3.5.0 Closes gravitee-io/issues#3678 * fix(management): Implicit Grant removed from WEB application type with REFRESH default Closes gravitee-io/issues#3269 * refactor(captcha): X-Recaptcha-Token header is now sent using interceptor Closes gravitee-io/issues#3676 * feat(policyChain): add PLAN_UNRESOLVABLE policy chain error key closes gravitee-io/issues#3513 * release(1.30.10) Co-authored-by: Gravitee.io Bot <contact@gravitee.io> Co-authored-by: Nicolas Géraud <nicolas.geraud@gmail.com> Co-authored-by: David BRASSELY <brasseld@gmail.com> Co-authored-by: Azize Elamrani <azize.elamrani@gmail.com> Co-authored-by: Titouan COMPIEGNE <titouan.compiegne@gmail.com> Co-authored-by: Ricordeau Raphael <Tsuna77@users.noreply.github.com> Co-authored-by: Guillaume Cusnieux <guillaume.cusnieux@graviteesource.com> Co-authored-by: Zdenek Obst <zdenek.obst@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: