lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Smiley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-12292) Make it easier to configure Solr with CORS
Date Tue, 01 May 2018 16:35:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-12292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16459830#comment-16459830
] 

David Smiley commented on SOLR-12292:
-------------------------------------

Even though this issue is explicitly about admin calls, I want to say that IMO SearchHandler
requests ought to have CORS headers that by default allow any origin.  After all we already
support jsonp and thus search requests are effectively exposed to any host already.

> Make it easier to configure Solr with CORS
> ------------------------------------------
>
>                 Key: SOLR-12292
>                 URL: https://issues.apache.org/jira/browse/SOLR-12292
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>            Reporter: Jan Høydahl
>            Priority: Major
>
> While working on SOLR-8207 I wanted to collect info from other SolrCloud nodes from the
AdminUI. However this is blocked by [CORS|https://en.wikipedia.org/wiki/Cross-origin_resource_sharing] policy.
In that Jira I instead did the fan-out on the Solr server side for the two handler I needed.
> It would be nice if all nodes in a SolrCloud cluster could automatically accept any other
node as a legal origin, and make it easy for users to add other origins by config.
> If we use the [Jetty CORS filter|http://www.eclipse.org/jetty/documentation/9.4.9.v20180320/cross-origin-filter.html] in
web.xml, perhaps we could parse a env.var from solr.in.xx and inject into the {{allowedOrigins}}
property of that filter? There is also SOLR-6059 which tries to implement CORS inside of Solr
handlers and not in Jetty. Don't know pros/cons of those.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message