[
https://issues.apache.org/jira/browse/ARTEMIS-3062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264375#comment-17264375
]
Justin Bertram commented on ARTEMIS-3062:
-----------------------------------------
On second thought, I don't think I want to automatically relax CORS in case of
an {{http-host}} of {{0.0.0.0}}. We really want the broker to be locked down by
default, even when using {{0.0.0.0}}. It will simply be up to the user to add
the proper origins to the {{jolokia-access.xml}} file.
[~rolaca11], you just need to add the IP addresses and/or hostnames to the CORS
configuration that any clients will use to access the web console.
Alternatively you might consider binding the broker (and the embedded HTTP
server) to a specific address rather than {{0.0.0.0}}. This is the generally
recommended practice.
> Incorrect Jolokia access config when using 0.0.0.0 http-host
> ------------------------------------------------------------
>
> Key: ARTEMIS-3062
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3062
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
>
> I downloaded Apache Artemis 2.16.0 from the official site and created an
> instance with command {{artemis create --http-host 0.0.0.0 --user default
> --password --default -- /var/lib/artemis}}.
> I set {{http-host}} to {{0.0.0.0}}, to let me access the management console
> from any address. This lets me access the console, but the configuration is
> wrong, since it sets the {{jolokia-access.xml:restrict.cors.allow-origin}} to
> {{\*://0.0.0.0*}}, which means that even though I can technically access the
> console, I get no data, just a mostly empty screen.
> I can, by hand, edit the file attribute to {{\*://*}}, but I'd prefer having
> the command do this to me instead. Is it a bug in the instance generator, or
> am I missing something?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
