https://community.splunk.com/t5/Security/Splunk-Rest-Request-using-browser-Unauthorized-because-of-Origin/m-p/399776#M9681 <P>"services/search/jobs/" Splunk endpoint is replying “Unauthorized” (HTTP 401) due to the presence of the “Origin”/”Referer” parameter in the header request.<BR /> To best integrate the browser/client all to Splunk, can we allow all or specific origin header or remove this restriction? </P> <P>it works fine for doing it with a linux curl. But even by adding the “Origin” header parameter and it won’t work.<BR /> Basically, for using the front-end, we need the splunk endpoint to allow the origin header from a specific or all orginis.</P> Wed, 17 Jul 2019 22:04:54 GMT mibrahim8 2019-07-17T22:04:54Z https://community.splunk.com/t5/Security/Splunk-Rest-Request-using-browser-Unauthorized-because-of-Origin/m-p/399776#M9681 <P>"services/search/jobs/" Splunk endpoint is replying “Unauthorized” (HTTP 401) due to the presence of the “Origin”/”Referer” parameter in the header request.<BR /> To best integrate the browser/client all to Splunk, can we allow all or specific origin header or remove this restriction? </P> <P>it works fine for doing it with a linux curl. But even by adding the “Origin” header parameter and it won’t work.<BR /> Basically, for using the front-end, we need the splunk endpoint to allow the origin header from a specific or all orginis.</P> Wed, 17 Jul 2019 22:04:54 GMT https://community.splunk.com/t5/Security/Splunk-Rest-Request-using-browser-Unauthorized-because-of-Origin/m-p/399776#M9681 mibrahim8 2019-07-17T22:04:54Z https://community.splunk.com/t5/Security/Splunk-Rest-Request-using-browser-Unauthorized-because-of-Origin/m-p/399777#M9682 <P>In Server.conf change the parameter below to * to enable all the connections please check the details in the following link </P> <P><A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Serverconf">https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Serverconf</A></P> <P>crossOriginSharingPolicy = ...<BR /> * List of the HTTP Origins for which to return Access-Control-Allow-* (CORS)<BR /> headers.<BR /> * These headers tell browsers that web applications are trusted at those sites<BR /> to make requests to the REST interface.<BR /> * The origin is passed as a URL without a path component (for example<BR /> "<A href="https://app.example.com:8000%22">https://app.example.com:8000"</A>).<BR /> * This setting can take a list of acceptable origins, separated<BR /> by spaces and/or commas.<BR /> * Each origin can also contain wildcards for any part. Examples:<BR /> <EM>://app.example.com:</EM> (either HTTP or HTTPS on any port)<BR /> https://<EM>.example.com (any host under example.com, including<BR /> example.com itself)<BR /> * An address can be prefixed with a '!' to negate the match, with<BR /> the first matching origin taking precedence. For example,<BR /> "!</EM>://evil.example.com:* <EM>://</EM>.example.com:<EM>" to not avoid<BR /> matching one host in a domain<BR /> * A single "</EM>" can also be used to match all origins<BR /> * No default.</P> Fri, 02 Aug 2019 15:17:02 GMT https://community.splunk.com/t5/Security/Splunk-Rest-Request-using-browser-Unauthorized-because-of-Origin/m-p/399777#M9682 mibrahim8 2019-08-02T15:17:02Z