[ https://issues.apache.org/jira/browse/SOLR-12292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16464569#comment-16464569 ]
David Smiley commented on SOLR-12292: ------------------------------------- Even with POST, what good would that do to a SearchHandler? > Make it easier to configure Solr with CORS > ------------------------------------------ > > Key: SOLR-12292 > URL: https://issues.apache.org/jira/browse/SOLR-12292 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: Server > Reporter: Jan Høydahl > Priority: Major > > While working on SOLR-8207 I wanted to collect info from other SolrCloud > nodes from the AdminUI. However this is blocked by > [CORS|https://en.wikipedia.org/wiki/Cross-origin_resource_sharing] policy. In > that Jira I instead did the fan-out on the Solr server side for the two > handler I needed. > It would be nice if all nodes in a SolrCloud cluster could automatically > accept any other node as a legal origin, and make it easy for users to add > other origins by config. > If we use the [Jetty CORS > filter|http://www.eclipse.org/jetty/documentation/9.4.9.v20180320/cross-origin-filter.html] > in web.xml, perhaps we could parse a env.var from solr.in.xx and inject into > the {{allowedOrigins}} property of that filter? There is also SOLR-6059 which > tries to implement CORS inside of Solr handlers and not in Jetty. Don't know > pros/cons of those. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org