[
https://issues.apache.org/jira/browse/ARTEMIS-4027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612726#comment-17612726
]
daves commented on ARTEMIS-4027:
--------------------------------
[~jbertram] Thanks for looking at the issue!
I don't think the problem is Windows or environment specific...
To verify if a script from origin A is allowed to request anything from origin
B a browser performs a preflight request. A preflight request is an
unauthenticated HTTP OPTIONS request. If the server allows requests from origin
A it will indicate so to the browser with an HTTP header in the response
(Access-Control-Allow-Origin).
See: [https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request]
When I send the request from my browsers console I get the following error
(which tells me it's a CORS problem):
!consoleError.JPG!
The same problem also occurs when running the request from FireFox:
!f1.JPG!!f2.JPG!
I see the request in the Artemis log ,but I can't find anything helping to
understand what is happening. (I've added the log to the ticket). [^artemis.log]
While searching for CORS related problems like this one, I found this:
[https://gist.github.com/rhuss/e0c949f7564a47943460] But I don't understand
much of the Java specific part... not sure how helpful it is.
> Cannot access management API due to CORS problems (403)
> -------------------------------------------------------
>
> Key: ARTEMIS-4027
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: API
> Affects Versions: 2.25.0
> Reporter: daves
> Priority: Major
> Attachments: artemis.log, consoleError.JPG, etc.zip, f1.JPG, f2.JPG,
> options.JPG
>
>
> I try to access the management API from a client app running in chrome.
> This does not work because the preflight check fails.
> OPTIONS request:
>
> {code:java}
> fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false";,
> {
> "headers": {
> "accept": "*/*",
> "accept-language": "en-US,en;q=0.9",
> "sec-fetch-dest": "empty",
> "sec-fetch-mode": "cors",
> "sec-fetch-site": "cross-site"
> },
> "referrerPolicy": "strict-origin-when-cross-origin",
> "body": null,
> "method": "OPTIONS",
> "mode": "cors",
> "credentials": "omit"
> });
>
> {code}
>
> The request fails with a 403 not authenticated... which is strange since
> preflight checks must not be authenticated.
> !options.JPG!
>
> I tried to configure CORS in the jolokia-access.xml file like so:
>
>
> {code:java}
> <restrict>
> <cors>
> <!-- Allow cross origin access from localhost ... -->
> <allow-origin>*://*</allow-origin>
> <!-- Options from this point on are auto-generated by Create.java from
> the Artemis CLI -->
> <!-- Check for the proper origin on the server side, too -->
> <strict-checking />
> </cors> </restrict>{code}
>
>
> I also tried to specify the URL and port of my application explicitly. But
> this did not work either.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
