I saw this post on previous talend forum suggesting to implement an OPTIONS verb with the same URI as GET and with these headers in the response. I have tested it successfully with basic HTTP authentication disabled (I simulated setting a different header on GET verb since authentication was disabled and it also sent the OPTIONS preflight). However, when I enable HTTP authentication again it is also applied to the OPTIONS verb and the authorization header is required for OPTIONS verb also, driving into a HTTP 401 Unauthorized error.
There is this JIRA ticket already opened for implementing CORS on tRestRequest. Is it related to this issue?
If so and while it is not solved, Is there any known workaround to access from the browser a REST service with HTTP authentication enabled?
Thanks in advance.
This jira issue https://jira.talendforge.org/browse/TESB-17678 is about cross-origin resource sharing. During the pre-flight (OPTIONS) the browser is not using authentication.
This issue is still in process and we will keep you posted.
Just to add some context - and add a BIG YES VOTE for this enhancement request...
The W3 spec for CORS preflight requests states that user credentials should be excluded, so this enhancement would make Talend more compliant. This is important because REST APIs are more commonly used as an abstract layer for the Microservice architecture (cross origin situations) and development team who use the tRESTRequest component need to account for this situation.
Note: This work around is good for wrapping the STS authentication service into a RESTful endpoint to support Single Sign-On (using SAML)
Here are links to other discussions about this same requirement