Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cannot access REST API via Javascript Client

Lyonis
Engager
‎05-05-2015 07:24 AM

Splunk 6.1.5

Writing a test application for using REST API using Client JavaScript I got this error

XMLHttpRequest cannot load https://localhost:8089/services/auth/login?output_mode=json. Request header field X-Splunk-Form-Key is not allowed by Access-Control-Allow-Headers.

The app is:

    var http = new splunkjs.JQueryHttp();

    var service = new splunkjs.Service(http,{
      scheme:"https",
      host: "localhost",
      port: 8089,
      username: "username",
      password: "password",
      version: "6.1"
    });

    service.apps().fetch(function(err, apps) {
        if (err) {
            alert("Error listing apps");
            return;
        }
        var myapps = "";
        var appsList = apps.list();
        for(var i = 0; i < appsList.length; i++) {
            myapps += "App " + i + ": " + appsList[i].name + "<br/>"
        } 

        document.getElementById("applist").innerHTML=myapps;
    });

In server.conf i enalbled cross origin

[httpServer]
crossOriginSharingPolicy = *

(If I set crossOriginSharingPolicy = https://localhost:8089 doesn't work)

Tags (2)
Reply

mgarciar
Path Finder
‎01-11-2017 06:48 AM

I had a similar issue and solved by replacing:

var http = new splunkjs.JQueryHttp();

with

var http = new splunkjs.SplunkWebHttp();

Of course is not documented anywhere as far as I can tell.

0 Karma
Reply

tfellinger
New Member
‎11-02-2016 12:01 AM

I know this is an old thread, but if someone is looking for a workaround, maybe they stumble upon this thread.

I tried to make AJAX calls to the REST API from within dashboard javascript with the same result. Seems like jQuery is always adding the "x-splunk-form-key" header (I thinks thats the CSRF token for the webgui). Since this header is not allowed, it results in a CORS violation. Everything I tried with jQuery's $.ajax() failed (setting the header to "", " " or null). If you try to remove the header completely with ajaxSetup the gui will break 😕

So the workaround I used was to use javascript's XmlHttpRequest object (var xhr = new XMLHttpRequest();). With this the header is not added and so the ajax request works like a charm.

0 Karma
Reply

jitendra0101
Engager
‎07-18-2017 07:19 AM

Please help. Every time I am getting error message as "Error Listing Apps".

0 Karma
Reply

Luke__Mcfly
New Member
‎07-19-2015 12:50 AM

Have you managed to make this work? I believe a solution to this would really help me out.

0 Karma
Reply

Lyonis
Engager
‎07-24-2015 01:09 AM

No sorry, I used a workaround creating a python controller that manager REST calls and use it like a forwarder that creates jobs

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...
Top