daves created ARTEMIS-4027:
------------------------------
Summary: Cannot access management API due to CORS problems (403)
Key: ARTEMIS-4027
URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
Project: ActiveMQ Artemis
Issue Type: Bug
Components: API
Affects Versions: 2.25.0
Reporter: daves
Attachments: options.JPG
I try to access the management API from a client app running in chrome.
This does not work because the preflight check fails.
OPTIONS request:
{code:java}
fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false";,
{
"headers": {
"accept": "*/*",
"accept-language": "en-US,en;q=0.9",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "cross-site"
},
"referrerPolicy": "strict-origin-when-cross-origin",
"body": null,
"method": "OPTIONS",
"mode": "cors",
"credentials": "omit"
});
{code}
The request fails with a 403 not authenticated... which is strange since
preflight checks must not be authenticated.
!options.JPG!
I tried to configure CORS in the jolokia-access.xml file like so:
{code:java}
<restrict>
<cors>
<!-- Allow cross origin access from localhost ... -->
<allow-origin>*://*</allow-origin>
<!-- Options from this point on are auto-generated by Create.java from the
Artemis CLI -->
<!-- Check for the proper origin on the server side, too -->
<strict-checking />
</cors> </restrict>{code}
I also tried to specify the URL and port of my application explicitly. But this
did not work either.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
