Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-25732

CORS broken with 7.2 auth

XMLWordPrintable

    • Support backlog
    • 0.25

      Steps to reproduce:
      API based applications that uses the Zabbix API stopped working with 7.2 if they respect CORS.

      The reason is a missing Header in `api_jsonrpc.php`.
      Zabbix 7.2 API requires a new Header "Authorization" but misses to allow this Header here: https://github.com/zabbix/zabbix/blob/master/ui/api_jsonrpc.php
      Line 18: `header('Access-Control-Allow-Headers: Content-Type');`

      The fix is to add "Authorization" to allowed hedaer by changing the line to: `header('Access-Control-Allow-Headers: Content-Type, Authorization');`

      Until this is resolved no App or Client respecting CORS will work.

        1. screenshot-1.png
          screenshot-1.png
          7 kB

            vmaksimovs Vladimirs Maksimovs
            edgar.akhmetshin Edgar Akhmetshin
            Team C
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 3h 40m
                3h 40m