Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cannot access REST API via Javascript Client

Lyonis
Engager
‎05-05-2015 07:24 AM

Splunk 6.1.5

Writing a test application for using REST API using Client JavaScript I got this error

XMLHttpRequest cannot load https://localhost:8089/services/auth/login?output_mode=json. Request header field X-Splunk-Form-Key is not allowed by Access-Control-Allow-Headers.

The app is:

    var http = new splunkjs.JQueryHttp();

    var service = new splunkjs.Service(http,{
      scheme:"https",
      host: "localhost",
      port: 8089,
      username: "username",
      password: "password",
      version: "6.1"
    });

    service.apps().fetch(function(err, apps) {
        if (err) {
            alert("Error listing apps");
            return;
        }
        var myapps = "";
        var appsList = apps.list();
        for(var i = 0; i < appsList.length; i++) {
            myapps += "App " + i + ": " + appsList[i].name + "<br/>"
        } 

        document.getElementById("applist").innerHTML=myapps;
    });

In server.conf i enalbled cross origin

[httpServer]
crossOriginSharingPolicy = *

(If I set crossOriginSharingPolicy = https://localhost:8089 doesn't work)

Tags (2)
Reply

mgarciar
Path Finder
‎01-11-2017 06:48 AM

I had a similar issue and solved by replacing:

var http = new splunkjs.JQueryHttp();

with

var http = new splunkjs.SplunkWebHttp();

Of course is not documented anywhere as far as I can tell.

0 Karma
Reply

tfellinger
New Member
‎11-02-2016 12:01 AM

I know this is an old thread, but if someone is looking for a workaround, maybe they stumble upon this thread.

I tried to make AJAX calls to the REST API from within dashboard javascript with the same result. Seems like jQuery is always adding the "x-splunk-form-key" header (I thinks thats the CSRF token for the webgui). Since this header is not allowed, it results in a CORS violation. Everything I tried with jQuery's $.ajax() failed (setting the header to "", " " or null). If you try to remove the header completely with ajaxSetup the gui will break 😕

So the workaround I used was to use javascript's XmlHttpRequest object (var xhr = new XMLHttpRequest();). With this the header is not added and so the ajax request works like a charm.

0 Karma
Reply

jitendra0101
Engager
‎07-18-2017 07:19 AM

Please help. Every time I am getting error message as "Error Listing Apps".

0 Karma
Reply

Luke__Mcfly
New Member
‎07-19-2015 12:50 AM

Have you managed to make this work? I believe a solution to this would really help me out.

0 Karma
Reply

Lyonis
Engager
‎07-24-2015 01:09 AM

No sorry, I used a workaround creating a python controller that manager REST calls and use it like a forwarder that creates jobs

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top