Cannot get splunk web to send CORS headers

zapping575 — Fri, 12 Jul 2024 12:08:33 GMT

I have been experimenting with splunk-ui and created an app to make calls from splunk web to the splunk REST API.

However, I keep getting errors like this:

The same origin policy prohibits access to external resource at https://localhost:8090/servicesNS/nobody/path_redacted_but_is_valid?output_mode=json. (Reason: CORS-Header 'Access-Control-Allow-Origin' is missing)

This is how the call looks like

const url = `https://localhost:8090/servicesNS/nobody/${eventType.acl.app}/saved/eventtypes/${eventType.title}?output_mode=json` const response = await fetch(url, { credentials: "include", method: "POST", redirect: "follow", body: JSON.stringify({'search': eventType.content.search}) }); return response.json();

This is my server.conf

[sslConfig] sslRootCAPath = /opt/splunk/etc/auth/mycerts/cert.pem [httpServer] crossOriginSharingPolicy = https://localhost:8090 crossOriginSharingHeaders = *

I can access https://localhost:8090/servicesNS/* "by it self" in my browser.

I am using Firefox 128 and splunk 9.0.5

I can set crossOriginSharingPolicy to "*" (without quotes), but that will cause the browser to reject any requests that require authentication, so this is no solution

Re: Cannot get splunk web to send CORS headers

zapping575 — Tue, 16 Jul 2024 13:06:51 GMT

To answer my own question

This was a browser issue.

Both the splunk REST API and Splunk Web must use https for the REST call to succeed. In my case, this means https://localhost:8000 for splunk web and https://localhost:8090 for the API

topic Re: Cannot get splunk web to send CORS headers in Splunk Dev

Cannot get splunk web to send CORS headers

Re: Cannot get splunk web to send CORS headers