Skip to content

CORS Method

Jump to bottom
Naresh Kumar Vudutha edited this page Apr 19, 2019 · 7 revisions

Cruise Control Changes

NOTE: _CC support for CORS has been re-added from commit 9c7ad36017421b2a0265c0d1ab024730b7d4e9de _

Config changes required on CC to use CORS is documented in https://github.com/linkedin/cruise-control-ui/wiki/CORS-Method

CC by default Supports CORS way of accessing its api. Since this method is security sensitive, please make sure you understand consequences of this approach with your Security Team First and then deploy in your environment.

  1. Make changes to CC config/cruisecontrol.properties file as shown below
# Whether CORS support is enabled for API or not
# (default) webserver.http.cors.enabled=false
webserver.http.cors.enabled=true

# Value for Access-Control-Allow-Origin
# (default) webserver.http.cors.origin=http://localhost:8080
# (really brave users) webserver.http.cors.origin=*
webserver.http.cors.origin=http://cc-host.example.com

# Value for Access-Control-Request-Method
webserver.http.cors.allowmethods=OPTIONS,GET,POST

# Headers that should be exposed to the Browser (Webapp)
# This is a special header that is used by the
# User Tasks subsystem and should be explicitly
# Enabled when CORS mode is used as part of the
# Admin Interface
webserver.http.cors.exposeheaders=User-Task-ID,Content-Type

IMPORTANT: The value of webserver.http.cors.origin should match with the location (protocol, hostname, port, path) on which your CCFE application is deployed or else you will get errors. For the really brave users who have secured their environments, please set it to * and any origin server can make requests.

  1. Bounce the CC application

  2. Verify that CC is serving the correct headers

curl -X OPTIONS -v http://cc-1.example.com:9090/kafkacruisecontrol/kafka_cluster_state?json=true
> Host: cc-1.example.com:9090
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 07 Mar 2019 21:59:11 GMT
< Access-Control-Allow-Origin: http://cc-host.example.com/
< Access-Control-Request-Method: OPTIONS,GET,POST
< Content-Length: 0

Make sure that response includes the following headers Access-Control-Allow-Origin & Access-Control-Request-Method

Cruise Control Frontend Changes

  1. Update the config.csv URL portions to be absolute URLs of CC REST API
  2. Refresh the UI to see latest config.csv in browser.
Clone this wiki locally