[jira] [Commented] (SOLR-12292) Make it easier to configure Solr with CORS

Tue, 08 May 2018 16:47:32 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-12292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468116#comment-16468116
 ] 

Jan Høydahl commented on SOLR-12292:
------------------------------------

If we make it easy enough to configure CORS origins, we don't need to have it 
open for all origins by default, we can pre-configure for all nodes in same 
cluster to enable Admin UI access.

Perhaps this could be a new clusterProp {{corsOrigins}}, taking a comma 
separated list of valid origins? Then we already have the infrastructure to 
edit the list, through the CLUSTERPROP API and zkcli.sh. We could add an 
AdminUI edit screen too if we want.

> Make it easier to configure Solr with CORS
> ------------------------------------------
>
>                 Key: SOLR-12292
>                 URL: https://issues.apache.org/jira/browse/SOLR-12292
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>            Reporter: Jan Høydahl
>            Priority: Major
>
> While working on SOLR-8207 I wanted to collect info from other SolrCloud 
> nodes from the AdminUI. However this is blocked by 
> [CORS|https://en.wikipedia.org/wiki/Cross-origin_resource_sharing] policy. In 
> that Jira I instead did the fan-out on the Solr server side for the two 
> handler I needed.
> It would be nice if all nodes in a SolrCloud cluster could automatically 
> accept any other node as a legal origin, and make it easy for users to add 
> other origins by config.
> If we use the [Jetty CORS 
> filter|http://www.eclipse.org/jetty/documentation/9.4.9.v20180320/cross-origin-filter.html]
>  in web.xml, perhaps we could parse a env.var from solr.in.xx and inject into 
> the {{allowedOrigins}} property of that filter? There is also SOLR-6059 which 
> tries to implement CORS inside of Solr handlers and not in Jetty. Don't know 
> pros/cons of those.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to