[Bug] WebHDFS CORS configuration does not take effect on DataNode (Hadoop 3.5.0)

西巴君 Mon, 06 Apr 2026 01:34:47 -0700

Hello Hadoop community,


I am running a pseudo-distributed Hadoop 3.5.0 cluster on Debian 13.
I am trying to use WebHDFS to upload files to the DataNode via a browser
from a different origin.


My configuration for CORS in core-site.xml is as follows:


<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.filter.initializers</name&gt;
&nbsp; &nbsp; 
<value&gt;org.apache.hadoop.security.HttpCrossOriginFilterInitializer</value&gt;
</property&gt;
<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.cross-origin.enabled</name&gt;
&nbsp; &nbsp; <value&gt;true</value&gt;
</property&gt;
<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.cross-origin.allowed-origins</name&gt;
&nbsp; &nbsp; <value&gt;*</value&gt;
</property&gt;
<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.cross-origin.allowed-methods</name&gt;
&nbsp; &nbsp; <value&gt;GET,POST,PUT,DELETE,HEAD</value&gt;
</property&gt;
<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.cross-origin.allowed-headers</name&gt;
&nbsp; &nbsp; <value&gt;X-Requested-With,Content-Type,Accept,Origin</value&gt;
</property&gt;
<property&gt;
&nbsp; &nbsp; <name&gt;hadoop.http.cross-origin.max-age</name&gt;
&nbsp; &nbsp; <value&gt;1800</value&gt;
</property&gt;


HDFS-site.xml:
&nbsp; &nbsp;<property&gt;
&nbsp;&nbsp;&nbsp; &nbsp; &nbsp; <name&gt;dfs.replication</name&gt;
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<value&gt;1</value&gt;
&nbsp; &nbsp; </property&gt;
&nbsp; &nbsp; <property&gt;
&nbsp; &nbsp; &nbsp; &nbsp; <name&gt;dfs.permissions.enabled</name&gt;
&nbsp; &nbsp; &nbsp; &nbsp; <value&gt;false</value&gt;
&nbsp; &nbsp; </property&gt;




When I try to upload a file from the browser, I get the following error:


Access to XMLHttpRequest at
'http://debian:9864/webhdfs/v1/user/liuye/a.txt?op=CREATE&amp;namenoderpcaddress=localhost:9000&amp;createflag=&amp;createparent=true&amp;overwrite=false'
from origin 'http://localhost:9870' has been blocked by CORS policy:
Request header field content-type is not allowed by Access-Control-Allow-Headers
in preflight response.


I have verified with curl that the OPTIONS request returns:


HTTP/1.1 200 OK
access-control-allow-origin: *
access-control-allow-headers: accept
access-control-allow-methods: PUT
access-control-max-age: 1728000
content-length: 0


It seems that the DataNode does not respect the CORS configuration in 
core-site.xml,
and the allowed headers are limited to 'accept' instead of '*'.


Additional environment details:
- OS: Debian 13
- Hadoop version: 3.5.0
- Java version: OpenJDK 17
- Mode: Pseudo-distributed


Could you please confirm if this is a known limitation, or provide guidance
on how to make DataNode WebHDFS fully respect CORS configuration?


Thank you very much for your time and help.


Best regards,
Liuye


西巴君
[email protected]

[Bug] WebHDFS CORS configuration does not take effect on DataNode (Hadoop 3.5.0)

Reply via email to