[jira] [Created] (ARTEMIS-4027) Cannot access management API due to CORS problems (403)

["daves (Jira)" <ji...@apache.org>]

daves created ARTEMIS-4027:
------------------------------

             Summary: Cannot access management API due to CORS problems (403)
                 Key: ARTEMIS-4027
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
             Project: ActiveMQ Artemis
          Issue Type: Bug
          Components: API
    Affects Versions: 2.25.0
            Reporter: daves
         Attachments: options.JPG

I try to access the management API from a client app running in chrome.

This does not work because the preflight check fails.
OPTIONS request:

 
{code:java}
fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false", {
  "headers": {
    "accept": "*/*",
    "accept-language": "en-US,en;q=0.9",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "cross-site"
  },
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": null,
  "method": "OPTIONS",
  "mode": "cors",
  "credentials": "omit"
});
 
{code}
 

The request fails with a 403 not authenticated... which is strange since preflight checks must not be authenticated.

!options.JPG!

 

I tried to configure CORS in the jolokia-access.xml file like so:

 
 
{code:java}
<restrict>
   <cors>
     <!-- Allow cross origin access from localhost ... -->
     <allow-origin>*://*</allow-origin> 
     <!-- Options from this point on are auto-generated by Create.java from the Artemis CLI -->
     <!-- Check for the proper origin on the server side, too -->
     <strict-checking />     
</cors> </restrict>{code}
 
 

I also tried to specify the URL and port of my application explicitly. But this did not work either.

 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)