Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cannot access REST API via Javascript Client

Lyonis
Engager
‎05-05-2015 07:24 AM

Splunk 6.1.5

Writing a test application for using REST API using Client JavaScript I got this error

XMLHttpRequest cannot load https://localhost:8089/services/auth/login?output_mode=json. Request header field X-Splunk-Form-Key is not allowed by Access-Control-Allow-Headers.

The app is:

    var http = new splunkjs.JQueryHttp();

    var service = new splunkjs.Service(http,{
      scheme:"https",
      host: "localhost",
      port: 8089,
      username: "username",
      password: "password",
      version: "6.1"
    });

    service.apps().fetch(function(err, apps) {
        if (err) {
            alert("Error listing apps");
            return;
        }
        var myapps = "";
        var appsList = apps.list();
        for(var i = 0; i < appsList.length; i++) {
            myapps += "App " + i + ": " + appsList[i].name + "<br/>"
        } 

        document.getElementById("applist").innerHTML=myapps;
    });

In server.conf i enalbled cross origin

[httpServer]
crossOriginSharingPolicy = *

(If I set crossOriginSharingPolicy = https://localhost:8089 doesn't work)

Tags (2)
Reply

mgarciar
Path Finder
‎01-11-2017 06:48 AM

I had a similar issue and solved by replacing:

var http = new splunkjs.JQueryHttp();

with

var http = new splunkjs.SplunkWebHttp();

Of course is not documented anywhere as far as I can tell.

0 Karma
Reply

tfellinger
New Member
‎11-02-2016 12:01 AM

I know this is an old thread, but if someone is looking for a workaround, maybe they stumble upon this thread.

I tried to make AJAX calls to the REST API from within dashboard javascript with the same result. Seems like jQuery is always adding the "x-splunk-form-key" header (I thinks thats the CSRF token for the webgui). Since this header is not allowed, it results in a CORS violation. Everything I tried with jQuery's $.ajax() failed (setting the header to "", " " or null). If you try to remove the header completely with ajaxSetup the gui will break 😕

So the workaround I used was to use javascript's XmlHttpRequest object (var xhr = new XMLHttpRequest();). With this the header is not added and so the ajax request works like a charm.

0 Karma
Reply

jitendra0101
Engager
‎07-18-2017 07:19 AM

Please help. Every time I am getting error message as "Error Listing Apps".

0 Karma
Reply

Luke__Mcfly
New Member
‎07-19-2015 12:50 AM

Have you managed to make this work? I believe a solution to this would really help me out.

0 Karma
Reply

Lyonis
Engager
‎07-24-2015 01:09 AM

No sorry, I used a workaround creating a python controller that manager REST calls and use it like a forwarder that creates jobs

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top