Getting Data In

Cannot access REST API via Javascript Client

Lyonis
Engager

Splunk 6.1.5

Writing a test application for using REST API using Client JavaScript I got this error

XMLHttpRequest cannot load https://localhost:8089/services/auth/login?output_mode=json. Request header field X-Splunk-Form-Key is not allowed by Access-Control-Allow-Headers.

The app is:

    var http = new splunkjs.JQueryHttp();

    var service = new splunkjs.Service(http,{
      scheme:"https",
      host: "localhost",
      port: 8089,
      username: "username",
      password: "password",
      version: "6.1"
    });

    service.apps().fetch(function(err, apps) {
        if (err) {
            alert("Error listing apps");
            return;
        }
        var myapps = "";
        var appsList = apps.list();
        for(var i = 0; i < appsList.length; i++) {
            myapps += "App " + i + ": " + appsList[i].name + "<br/>"
        } 

        document.getElementById("applist").innerHTML=myapps;
    });

In server.conf i enalbled cross origin

[httpServer]
crossOriginSharingPolicy = *

(If I set crossOriginSharingPolicy = https://localhost:8089 doesn't work)

Tags (2)

mgarciar
Path Finder

I had a similar issue and solved by replacing:

var http = new splunkjs.JQueryHttp();

with

var http = new splunkjs.SplunkWebHttp();

Of course is not documented anywhere as far as I can tell.

0 Karma

tfellinger
New Member

I know this is an old thread, but if someone is looking for a workaround, maybe they stumble upon this thread.

I tried to make AJAX calls to the REST API from within dashboard javascript with the same result. Seems like jQuery is always adding the "x-splunk-form-key" header (I thinks thats the CSRF token for the webgui). Since this header is not allowed, it results in a CORS violation. Everything I tried with jQuery's $.ajax() failed (setting the header to "", " " or null). If you try to remove the header completely with ajaxSetup the gui will break 😕

So the workaround I used was to use javascript's XmlHttpRequest object (var xhr = new XMLHttpRequest();). With this the header is not added and so the ajax request works like a charm.

0 Karma

jitendra0101
Engager

Please help. Every time I am getting error message as "Error Listing Apps".

0 Karma

Luke__Mcfly
New Member

Have you managed to make this work? I believe a solution to this would really help me out.

0 Karma

Lyonis
Engager

No sorry, I used a workaround creating a python controller that manager REST calls and use it like a forwarder that creates jobs

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...