[ 
https://issues.apache.org/jira/browse/YARN-4009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14802894#comment-14802894
 ] 

Varun Vasudev commented on YARN-4009:
-------------------------------------

bq. What happens when both of these are enabled at the same time with different 
settings?

If the filter is set in core-site.xml, it will be enabled irrespective of the 
value set in yarn.timeline-service.http-cross-origin.enabled. There is no 
change in behavior here - if a user sets the existing timeline CORS filter in 
core-site.xml, it will override the value set in 
yarn.timeline-service.http-cross-origin.enabled.

bq.  Is there a need to allow the design to enable this only for webservices 
(REST APIs) instead of the whole webserver (builtin UIs and REST apis)?

I don't think there's any such need. As far as I can tell, we don't treat http 
requests differently i.e. webservices and builtin UI requests are treated the 
same.

bq. Not sure if there is a question of selecting enabling cors support for 
different services such as NN webservices vs RM webservices.

I thought about this - I'm not sure there's any benefit to adding one more set 
of config knobs. The chances are if you're fine with enabling CORS for the RM, 
you're probably fine enabling it for the NMs and the timeline server as well. 
If a user wishes to disable or enable CORS for a particular service, they can 
always set the filter initializers to the appropriate value on the node the 
service is running on(either via core-site.xml or yarn-site.xml).



> CORS support for ResourceManager REST API
> -----------------------------------------
>
>                 Key: YARN-4009
>                 URL: https://issues.apache.org/jira/browse/YARN-4009
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Prakash Ramachandran
>            Assignee: Varun Vasudev
>         Attachments: YARN-4009.001.patch, YARN-4009.002.patch, 
> YARN-4009.003.patch, YARN-4009.004.patch
>
>
> Currently the REST API's do not have CORS support. This means any UI (running 
> in browser) cannot consume the REST API's. For ex Tez UI would like to use 
> the REST API for getting application, application attempt information exposed 
> by the API's. 
> It would be very useful if CORS is enabled for the REST API's.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to