[
https://issues.apache.org/jira/browse/HIVE-19277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16451380#comment-16451380
]
Prasanth Jayachandran commented on HIVE-19277:
----------------------------------------------
I am not able to unit test this but from what I read if the response headers
have "Access-Control-Allow-Origin: *" then it will allow cross origin requests.
{code:title=without CORS response headers}
$ curl -H "Access-Control-Request-Method: GET" -H "Origin: https://dag.io";
--head http://localhost:10020/leader
HTTP/1.1 200 OK
Date: Tue, 24 Apr 2018 22:54:28 GMT
Transfer-Encoding: chunked
Server: Jetty(9.3.8.v20160314)
{code}
{code:title=with CORS response headers}
curl -H "Access-Control-Request-Method: GET" -H "Origin: https://dag.io"; --head
http://localhost:10020/leader
HTTP/1.1 200 OK
Date: Tue, 24 Apr 2018 22:59:02 GMT
Content-Type: application/json; charset=utf8
Access-Control-Allow-Methods: GET,DELETE
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Server: Jetty(9.3.8.v20160314)
{code}
[~sershe] can you please review this one? small patch
> Active/Passive HA web endpoints does not allow cross origin requests
> --------------------------------------------------------------------
>
> Key: HIVE-19277
> URL: https://issues.apache.org/jira/browse/HIVE-19277
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 3.0.0, 3.1.0
> Reporter: Prasanth Jayachandran
> Assignee: Prasanth Jayachandran
> Priority: Major
> Attachments: HIVE-19277.1.patch
>
>
> CORS is not allowed with web endpoints added for active/passive HA. Enable
> CORS by default for all web endpoints.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
