Getting Data In

How to set Access-Control-Allow-Header for KV Store in Splunk 7.3.4

wstrellis
New Member

I created a web app that runs in Splunk. It is installed in $SPLUNK_HOME/etc/apps . The user can enter some data in a form, and then the data is saved in the KV Store. The data is sent to the kv store by using the javascript method fetch(). This is what a POST request looks like:


fetch(
"my_kv_store_url",
{
method: "POST",
mode: "cors",
credentials: "include",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(formData),
}
)

The data is successfully added to the kv store in Splunk 8+. It has a server.conf file which includes these lines:
[httpServer]
crossOriginSharingHeaders = X-Splunk-Form-Key, Authorization, Accept ,Content-Type, User-Agent,Referer

However, when I run the app in Splunk version 7.x the POST requests are blocked with this error: "Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response".

Splunk v7 does not support the crossOriginSharingHeaders rule in server.conf.

How can I make this work in Splunk 7x?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...