Posted to dev@lucene.apache.org by "David Smiley (JIRA)" <ji...@apache.org> on 2018/05/01 16:35:00 UTC

[jira] [Commented] (SOLR-12292) Make it easier to configure Solr with CORS

    [ https://issues.apache.org/jira/browse/SOLR-12292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16459830#comment-16459830 ] 

David Smiley commented on SOLR-12292:
-------------------------------------

Even though this issue is explicitly about admin calls, I want to say that IMO SearchHandler requests ought to have CORS headers that by default allow any origin. After all, we already support jsonp and thus search requests are effectively exposed to any host already.

> Make it easier to configure Solr with CORS
> ------------------------------------------
>
>                 Key: SOLR-12292
>                 URL: https://issues.apache.org/jira/browse/SOLR-12292
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>            Reporter: Jan Høydahl
>            Priority: Major
>
> While working on SOLR-8207 I wanted to collect info from other SolrCloud nodes from the AdminUI. However, this is blocked by [CORS|https://en.wikipedia.org/wiki/Cross-origin_resource_sharing] policy. In that Jira I instead did the fan-out on the Solr server side for the two handlers I needed.
> It would be nice if all nodes in a SolrCloud cluster could automatically accept any other node as a legal origin, and make it easy for users to add other origins by config.
> If we use the [Jetty CORS filter|http://www.eclipse.org/jetty/documentation/9.4.9.v20180320/cross-origin-filter.html] in web.xml, perhaps we could parse an env.var from solr.in.xx and inject into the {{allowedOrigins}} property of that filter? There is also SOLR-6059 which tries to implement CORS inside of Solr handlers and not in Jetty. Don't know pros/cons of those.


