IFrame Portlet Basic Authentication to a subdomain different websiteIFrame Portlet Basic Authentication to a subdomain different websitehttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1213985282024-03-29T01:12:51Z2024-03-29T01:12:51ZIFrame Portlet Basic Authentication to a subdomain different websiteSerge Byishimohttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1213985272022-04-11T18:35:50Z2022-04-11T17:54:52Z<p>Hi all,</p>
<p>I'm trying to use IFrame Portlet Basic Authentication to auto-login
in a subdomain different website (example.liferay-website.com) and
from what I can see, the Fetch API is not adding the Authorization
header to the request, which is probably because the
"authorization" header is not
<code>CORS</code>-<code>safelisted</code> [1]</p>
<p>Liferay is using Fetch API no-cors mode [2] which<code> checks if the
headers are CORS-safelisted.</code></p>
<p>
<code>So I'm wondering if what i'm trying to accomplish is possible
and how.</code></p>
<p>
<code>Best regards,</code></p>
<p>[1] https://stackoverflow.com/questions/44606244/using-fetch-api-with-mode-no-cors-can-t-set-request-headers</p>
<p>[2] : https://github.com/liferay/liferay-portal/blob/ad3ddfdd30a5364c28d44d96c86e2d5bb3628093/modules/apps/iframe/iframe-web/src/main/resources/META-INF/resources/view.jsp#L175</p>
<p> &