AppD Archive

JavaScript injection using Apache issue

CommunityUser
Splunk Employee
Splunk Employee

Hello,

I've followed this guide: 
https://docs.appdynamics.com/display/PRO40/Injection+Using+Apache

Seeing below in browser console:

XMLHttpRequest cannot load http://col.eum-appdynamics.com/eumcollector/beacons. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://apache01.my.lan' is therefore not allowed access.

0 Karma

Arun_Dasetty
Super Champion

Hi Luis,

Can you see if this is related to CORS problem ? As per past history on this error , The error indicates that your page or api is not allowing this cross domain access. ,  The resolution is to allow you pages to use CORS, by adding this header 'Access-Control-Allow-Origin: *' or similar. Check if that information helps.

 

Regards,

Arun

0 Karma

CommunityUser
Splunk Employee
Splunk Employee

Have the followin on the Apache proxy:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type,$
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"

This request goes out to AppDynamics and the browser appears to be blocking it.

If I run Chrome with --disable-web-security there is no error.
An old browser like IE7 also seems to be POSTing without issue.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...