lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-12292) Make it easier to configure Solr with CORS
Date Tue, 08 May 2018 23:47:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-12292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468116#comment-16468116
] 

Jan Høydahl commented on SOLR-12292:
------------------------------------

If we make it easy enough to configure CORS origins, we don't need to have it open for all
origins by default, we can pre-configure for all nodes in same cluster to enable Admin UI
access.

Perhaps this could be a new clusterProp {{corsOrigins}}, taking a comma separated list of
valid origins? Then we already have the infrastructure to edit the list, through the CLUSTERPROP
API and zkcli.sh. We could add an AdminUI edit screen too if we want.

> Make it easier to configure Solr with CORS
> ------------------------------------------
>
>                 Key: SOLR-12292
>                 URL: https://issues.apache.org/jira/browse/SOLR-12292
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server
>            Reporter: Jan Høydahl
>            Priority: Major
>
> While working on SOLR-8207 I wanted to collect info from other SolrCloud nodes from the
AdminUI. However this is blocked by [CORS|https://en.wikipedia.org/wiki/Cross-origin_resource_sharing] policy.
In that Jira I instead did the fan-out on the Solr server side for the two handler I needed.
> It would be nice if all nodes in a SolrCloud cluster could automatically accept any other
node as a legal origin, and make it easy for users to add other origins by config.
> If we use the [Jetty CORS filter|http://www.eclipse.org/jetty/documentation/9.4.9.v20180320/cross-origin-filter.html] in
web.xml, perhaps we could parse a env.var from solr.in.xx and inject into the {{allowedOrigins}}
property of that filter? There is also SOLR-6059 which tries to implement CORS inside of Solr
handlers and not in Jetty. Don't know pros/cons of those.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message