[
https://issues.apache.org/jira/browse/ARTEMIS-4027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612769#comment-17612769
]
Justin Bertram commented on ARTEMIS-4027:
-----------------------------------------
Thanks for the info. [The
link|https://gist.github.com/rhuss/e0c949f7564a47943460] you provided was quite
helpful. I think the problem here is the [catch-22 which he
described|https://gist.github.com/rhuss/e0c949f7564a47943460#cors-and-authentication]
where authentication is being enforced on the {{OPTIONS}} method. If I log
into the console I don't get the HTTP 403 when executing the {{OPTIONS}}
{{fetch}}. Unfortunately I'm not sure how to resolve that at the moment.
In the meantime could you elaborate on your use-case? Are you trying to build a
custom web console of your own using Jolokia underneath?
> Cannot access management API due to CORS problems (403)
> -------------------------------------------------------
>
> Key: ARTEMIS-4027
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4027
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: API
> Affects Versions: 2.25.0
> Reporter: daves
> Priority: Major
> Attachments: artemis.log, consoleError.JPG, etc.zip, f1.JPG, f2.JPG,
> options.JPG
>
>
> I try to access the management API from a client app running in chrome.
> This does not work because the preflight check fails.
> OPTIONS request:
>
> {code:java}
> fetch("http://localhost:8161/console/jolokia/?maxDepth=7&maxCollectionSize=50000&ignoreErrors=false&canonicalNaming=false";,
> {
> "headers": {
> "accept": "*/*",
> "accept-language": "en-US,en;q=0.9",
> "sec-fetch-dest": "empty",
> "sec-fetch-mode": "cors",
> "sec-fetch-site": "cross-site"
> },
> "referrerPolicy": "strict-origin-when-cross-origin",
> "body": null,
> "method": "OPTIONS",
> "mode": "cors",
> "credentials": "omit"
> });
>
> {code}
>
> The request fails with a 403 not authenticated... which is strange since
> preflight checks must not be authenticated.
> !options.JPG!
>
> I tried to configure CORS in the jolokia-access.xml file like so:
>
>
> {code:java}
> <restrict>
> <cors>
> <!-- Allow cross origin access from localhost ... -->
> <allow-origin>*://*</allow-origin>
> <!-- Options from this point on are auto-generated by Create.java from
> the Artemis CLI -->
> <!-- Check for the proper origin on the server side, too -->
> <strict-checking />
> </cors> </restrict>{code}
>
>
> I also tried to specify the URL and port of my application explicitly. But
> this did not work either.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
