Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1203#discussion_r181252867
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java 
---
    @@ -158,7 +158,13 @@ public void start() throws Exception {
         final int selectors = 
config.getInt(ExecConstants.HTTP_JETTY_SERVER_SELECTORS);
         final QueuedThreadPool threadPool = new QueuedThreadPool(2, 2, 60000);
         embeddedJetty = new Server(threadPool);
    -    embeddedJetty.setHandler(createServletContextHandler(authEnabled));
    +    ServletContextHandler webServerContext = 
createServletContextHandler(authEnabled);
    +    //Allow for Other Drillbits to make REST calls
    +    FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
    +    filterHolder.setInitParameter("allowedOrigins", "*");
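
Review bot: `allowedOrigins` is set to `*` in `filterHolder.setInitParameter("allowedOrigins", "*");`, which accepts cross-origin requests from any site, while the comment just above it says the goal is only to let other Drillbits make REST calls. Suggest reading the allowed origins from a configuration option (a comma-separated list of the Drillbit web origins) instead of hard-coding the wildcard. The lines shown set no other filter parameters, so it is also worth stating `allowedMethods` and `allowCredentials` explicitly rather than relying on the filter's defaults.
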
    --- End diff --
    
    I am not too familiar with the CORS concept, but it would be good to see if we can
be more restrictive instead of just *. Also, when authentication is enabled, then
with this filter a CORS request still requires authentication, right? Can you
please confirm this?

