You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "daves (Jira)" <ji...@apache.org> on 2022/10/04 16:05:00 UTC

[jira] [Updated] (ARTEMIS-4027) Cannot access management API due to CORS problems (403)

     [ https://issues.apache.org/jira/browse/ARTEMIS-4027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

daves updated ARTEMIS-4027:
---------------------------
    Attachment: etc.zip

> Cannot access management API due to CORS problems (403)
> -------------------------------------------------------
>
>                 Key: ARTEMIS-4027
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: API
>    Affects Versions: 2.25.0
>            Reporter: daves
>            Priority: Major
>         Attachments: etc.zip, options.JPG
>
>
> I try to access the management API from a client app running in chrome.
> This does not work because the preflight check fails.
> OPTIONS request:
>  
> {code:java}
> fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false", {
>   "headers": {
>     "accept": "*/*",
>     "accept-language": "en-US,en;q=0.9",
>     "sec-fetch-dest": "empty",
>     "sec-fetch-mode": "cors",
>     "sec-fetch-site": "cross-site"
>   },
>   "referrerPolicy": "strict-origin-when-cross-origin",
>   "body": null,
>   "method": "OPTIONS",
>   "mode": "cors",
>   "credentials": "omit"
> });
>  
> {code}
>  
> The request fails with a 403 not authenticated... which is strange since preflight checks must not be authenticated.
> !options.JPG!
>  
> I tried to configure CORS in the jolokia-access.xml file like so:
>  
>  
> {code:java}
> <restrict>
>    <cors>
>      <!-- Allow cross origin access from localhost ... -->
>      <allow-origin>*://*</allow-origin> 
>      <!-- Options from this point on are auto-generated by Create.java from the Artemis CLI -->
>      <!-- Check for the proper origin on the server side, too -->
>      <strict-checking />     
> </cors> </restrict>{code}
>  
>  
> I also tried to specify the URL and port of my application explicitly. But this did not work either.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)