How to set Access-Control-Allow-Header for KV Stor...

Getting Data In

I created a web app that runs in Splunk. It is installed in $SPLUNK_HOME/etc/apps . The user can enter some data in a form, and then the data is saved in the KV Store. The data is sent to the kv store by using the javascript method fetch(). This is what a POST request looks like:

fetch( "my_kv_store_url", { method: "POST", mode: "cors", credentials: "include", headers: { "Content-Type": "application/json", }, body: JSON.stringify(formData), } )

The data is successfully added to the kv store in Splunk 8+. It has a server.conf file which includes these lines:
[httpServer] crossOriginSharingHeaders = X-Splunk-Form-Key, Authorization, Accept ,Content-Type, User-Agent,Referer

However, when I run the app in Splunk version 7.x the POST requests are blocked with this error: "Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response".

Splunk v7 does not support the crossOriginSharingHeaders rule in server.conf.

How can I make this work in Splunk 7x?

Get Updates on the Splunk Community!

How to set Access-Control-Allow-Header for KV Store in Splunk 7.3.4

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation