[ https://issues.apache.org/jira/browse/NIFI-9241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Gough updated NIFI-9241: ------------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Review CORS Security Configuration > ---------------------------------- > > Key: NIFI-9241 > URL: https://issues.apache.org/jira/browse/NIFI-9241 > Project: Apache NiFi > Issue Type: Improvement > Components: Core UI, Security > Affects Versions: 1.8.0, 1.14.0 > Reporter: David Handermann > Assignee: David Handermann > Priority: Major > Time Spent: 40m > Remaining Estimate: 0h > > The NiFi Web Security Configuration includes a custom CORS Configuration > Source that disallows HTTP POST requests for Template Uploads. The works as > expected with direct access to the NiFi UI, but causes issues when attempting > to upload a template to NiFi through a reverse proxy. > When a web browser sends a template upload request that includes an > unexpected {{Origin}} header, the Spring CORS Filter returns HTTP 403 > Forbidden with a response body containing the message {{Invalid CORS > Request}}. NIFI-6080 describes a workaround that involves setting a > different {{Origin}} header. The current approach as implemented in > NIFI-5595 should be evaluated for potential improvements to avoid this > behavior when running NiFi with a reverse proxy. -- This message was sent by Atlassian Jira (v8.3.4#803005)