[
https://issues.apache.org/jira/browse/ARTEMIS-4027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612702#comment-17612702
]
Justin Bertram commented on ARTEMIS-4027:
-----------------------------------------
Perhaps I spoke too soon when I said this seemed like a simple use-case. I
don't have access to a Windows machine/VM, but I used your attached [^etc.zip]
to set up an equivalent broker on my machine. I don't use Chrome, but I have
Chromium and I opened up the dev console and pasted in your original {{fetch}}
request which failed until I removed {{"credentials": "omit"}}. It returned an
HTTP {{200}} so I assume it succeeded (although I'm not sure what a "preflight
check" is). After that I used the {{fetch}} request from your comment and that
also returned an HTTP {{200}}. I've never used the dev console in
Chrome/Chromium so I'm not sure how to verify success or failure. Also, it's
not clear if this problem is really a bug in the broker or just a
configuration/environmental problem.
> Cannot access management API due to CORS problems (403)
> -------------------------------------------------------
>
> Key: ARTEMIS-4027
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: API
> Affects Versions: 2.25.0
> Reporter: daves
> Priority: Major
> Attachments: etc.zip, options.JPG
>
>
> I try to access the management API from a client app running in chrome.
> This does not work because the preflight check fails.
> OPTIONS request:
>
> {code:java}
> fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false";,
> {
> "headers": {
> "accept": "*/*",
> "accept-language": "en-US,en;q=0.9",
> "sec-fetch-dest": "empty",
> "sec-fetch-mode": "cors",
> "sec-fetch-site": "cross-site"
> },
> "referrerPolicy": "strict-origin-when-cross-origin",
> "body": null,
> "method": "OPTIONS",
> "mode": "cors",
> "credentials": "omit"
> });
>
> {code}
>
> The request fails with a 403 not authenticated... which is strange since
> preflight checks must not be authenticated.
> !options.JPG!
>
> I tried to configure CORS in the jolokia-access.xml file like so:
>
>
> {code:java}
> <restrict>
> <cors>
> <!-- Allow cross origin access from localhost ... -->
> <allow-origin>*://*</allow-origin>
> <!-- Options from this point on are auto-generated by Create.java from
> the Artemis CLI -->
> <!-- Check for the proper origin on the server side, too -->
> <strict-checking />
> </cors> </restrict>{code}
>
>
> I also tried to specify the URL and port of my application explicitly. But
> this did not work either.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
