@sscarduzio We’re trying to construct custom plugins that do various business functionalities. One of them is to essentially make an API call to fetch certain user data that we want the plugin to then further parse and take some UI action. When attempting this without ROR, the API call succeeds with 200OK. With ROR, we’re seeing a redirect to 302!
Please see the attached screenshot.
deleting!!! wrong post!
Updated Post with Screenshot.
@sscarduzio It looks like ANY API call is being intercepted by ROR and is being redirected to /login angular route.
In the example above - we’re trying to make an API call to the Plugin which tries to fetch certain records but the calls are always resulting in a:
302 Redirect
to /login
Hi Roger,
Yes this is how ROR works: it protects all the routes when accessed without credentials. It’s kinda the point.
Nevertheless, the need to whitelist certain paths emerged before i.e. /api/status for load balancers.
So I created a hack that whitelists authentication for certain paths (as regex). This is quite delicate for security, so be careful.
This is an example of how it would work:
readonlyrest_kbn.whitelistedPaths: [".*/api/status"]
Please confirm that this solution would fit your purpose.
This would work. Our application is protected in bastion space and we can only call protected APIs. I assume this fix/hack is already in the current ROR version ?
It’s in the master, I need to build a version for you, if you are in a hurry. I want next release to have SAML, and I just started to integrate it, so it would normally take a week at least.
We’re targetting a release on thursday. We had considered this a “Fast Followup” after the release considering we had just reported the bug - but for our Demo to leadership, having this will be a big win 
If its possible to get a fix before then, it would be awesome. No worries if its too aggressive for you!
Generally this kind of support is reserved for Enterprise subscribers, but you are kindly helping me out in other fronts: i.e. good feedback loop, etc. You will have the build soon. 
Hey @sscarduzio we are enterprise subscribers. I’ll send an email from our distro that we used when purchasing the enterprise license
LOL 
sorry! I really should find a way to automatically tag users in this forum.