kafka-rest icon indicating copy to clipboard operation
kafka-rest copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

CORS - Response does not include Access-Control headers for GET request

Open Tuong-Nguyen opened this issue 7 years ago • 13 comments

I configure CORS settings in kafka-rest.properties file as follow:

access.control.allow.origin=* access.control.allow.methos="GET,POST,PUT,DELETE"

The responses for POST - DELETE requests have Access-Control values in header. However, the GET requests does not have them and Browser may reject the response.

1- If the GET request does not contain Content-Type header, Browser accept the response. 2- If the GET request contains Content-Type header (ex: Content-Type: application/vnd.kafka.json.v2+json), Browser will reject the response.

Confluent Kafka REST should return Access-Control in response because it is configured in the kafka-rest.properties file.

Tuong-Nguyen avatar May 13 '17 02:05 Tuong-Nguyen

same issue.

JozeFe avatar Nov 26 '17 21:11 JozeFe

access.control.allow.origin=* access.control.allow.methods=GET,POST,PUT,DELETE

qi4589746 avatar Dec 08 '17 09:12 qi4589746

Same issue. Is there any update?

Devon-Peroutky avatar Jan 02 '18 20:01 Devon-Peroutky

same issue.

parallaxisjones avatar Jan 09 '18 19:01 parallaxisjones

Same issue. Also do we have support for Access-Control-Allow-Headers?

ankitbansal avatar Feb 06 '18 11:02 ankitbansal

Same issue here.

cxk280 avatar Mar 10 '18 17:03 cxk280

Same

churtado avatar Nov 27 '18 10:11 churtado

Same issue.

abeer-noor avatar Feb 22 '19 12:02 abeer-noor

Same issue. its already configured by default but im still getting CONNECTION ERROR through reverse-proxy(Traefik).. but directly it works..

@ewencp Can any of the devs comment?

Chrislevi avatar Jun 20 '19 16:06 Chrislevi

Same problem, has this been looked at?

CTodd20 avatar Sep 12 '19 17:09 CTodd20

Same problem here, but after some time spent looking at the code, i saw that the class io.confluent.rest.RestConfig has one more related property access.control.allow.headers that can be set. Setting this property makes everything works correctly. At the documentation of kafka-rest this property isn't listed.

To use CORS on kafka-rest we need to set this 3 lines at the kafka-rest.properties:

access.control.allow.origin=*
access.control.allow.methos=GET,POST,PUT,DELETE
access.control.allow.headers=origin,content-type,accept,authorization

jairsjunior avatar Jan 16 '20 12:01 jairsjunior

Thank you @jairsjunior To expound on it, I had to modify the file kafka-rest.properties inside ../confluent-6.0.0/etc/kafka-rest folder, then restart the REST server.

raymond-ong avatar Nov 03 '20 08:11 raymond-ong

For the ones using the docker-compose file that would correspond to the environment entries:

environment:
      ...
      KAFKA_REST_ACCESS_CONTROL_ALLOW_ORIGIN: "*"
      KAFKA_REST_ACCESS_CONTROL_ALLOW_METHODS: "GET,POST,PUT,DELETE"
      KAFKA_REST_ACCESS_CONTROL_ALLOW_HEADERS: "origin,content-type,accept,authorization"

Caruso33 avatar Nov 23 '21 14:11 Caruso33