[
https://issues.apache.org/jira/browse/DRILL-4690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317566#comment-15317566
]
ASF GitHub Bot commented on DRILL-4690:
---------------------------------------
Github user parthchandra commented on a diff in the pull request:
https://github.com/apache/drill/pull/507#discussion_r65994192
--- Diff: exec/java-exec/src/main/resources/drill-module.conf ---
@@ -111,7 +111,14 @@ drill.exec: {
enabled: true,
ssl_enabled: false,
port: 8047
- session_max_idle_secs: 3600 # Default value 1hr
+ session_max_idle_secs: 3600, # Default value 1hr
+ cors: {
+ enabled: true,
--- End diff --
I would default cors.enabled to false and/or set the
access-cotrol-allow-origin to null. Ideally, only the end user should be able
to enable CORS for all sites.
Otherwise looks good to me.
> Header in RestApi CORS support
> -------------------------------
>
> Key: DRILL-4690
> URL: https://issues.apache.org/jira/browse/DRILL-4690
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Wojciech Nowak
> Priority: Minor
>
> Damien Cantreras raised question on mailing list, related to Drill RestAPI
> support for Header "Access-Control-Allow-Origin: *"
> to allow it being used from a HTML5 application.
> Place where Header should be added
> https://github.com/apache/drill/blob/master/exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
