[ https://issues.apache.org/jira/browse/HIVE-19277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16451380#comment-16451380 ]
Prasanth Jayachandran commented on HIVE-19277: ---------------------------------------------- I am not able to unit test this but from what I read if the response headers have "Access-Control-Allow-Origin: *" then it will allow cross origin requests. {code:title=without CORS response headers} $ curl -H "Access-Control-Request-Method: GET" -H "Origin: https://dag.io" --head http://localhost:10020/leader HTTP/1.1 200 OK Date: Tue, 24 Apr 2018 22:54:28 GMT Transfer-Encoding: chunked Server: Jetty(9.3.8.v20160314) {code} {code:title=with CORS response headers} curl -H "Access-Control-Request-Method: GET" -H "Origin: https://dag.io" --head http://localhost:10020/leader HTTP/1.1 200 OK Date: Tue, 24 Apr 2018 22:59:02 GMT Content-Type: application/json; charset=utf8 Access-Control-Allow-Methods: GET,DELETE Access-Control-Allow-Origin: * Transfer-Encoding: chunked Server: Jetty(9.3.8.v20160314) {code} [~sershe] can you please review this one? small patch > Active/Passive HA web endpoints does not allow cross origin requests > -------------------------------------------------------------------- > > Key: HIVE-19277 > URL: https://issues.apache.org/jira/browse/HIVE-19277 > Project: Hive > Issue Type: Bug > Components: HiveServer2 > Affects Versions: 3.0.0, 3.1.0 > Reporter: Prasanth Jayachandran > Assignee: Prasanth Jayachandran > Priority: Major > Attachments: HIVE-19277.1.patch > > > CORS is not allowed with web endpoints added for active/passive HA. Enable > CORS by default for all web endpoints. -- This message was sent by Atlassian JIRA (v7.6.3#76005)