4.0 upgrade - Browser access failure with DNS name but IP works

Upgraded to 4.0 and now modern browsers fail (Chrome, Firefox, Edge) on hostname access but I am able to connect if I use the server IP. interestingly I can access the server from the most recent version of Internet Explorer with the hostname I was using before. no https… not using certificates (yet)

The Browser error message is:

Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

and when I open the developer window (F12) I see the following error:

Access to XMLHttpRequest at 'http://192.168.7.178:9000/api/' from origin 'http://glog:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Has anyone seen anything like this? It feels like a “did you check this box here” solution but I haven’t found it after poking around for a while.

If it helps at all, I also see this in the Developer area:

GET http://192.168.2.218:9000/api/ net::ERR_FAILED      client.js:837 
m._end @ client.js:837
m.end @ client.js:711
(anonymous) @ index.js:80
I @ bluebird.js:1033
I._resolveFromExecutor @ bluebird.js:3337
I @ bluebird.js:2922
i.promise @ index.js:79
i.then @ index.js:121
ping @ ServerAvailabilityStore.js:41
setInterval (async)
(anonymous) @ AppFacade.jsx:40
cs @ vendor.594b2a39cb22b445205e.js:2
Oc @ vendor.594b2a39cb22b445205e.js:2
exports.unstable_runWithPriority @ vendor.594b2a39cb22b445205e.js:2
Ua @ vendor.594b2a39cb22b445205e.js:2
Ac @ vendor.594b2a39cb22b445205e.js:2
sc @ vendor.594b2a39cb22b445205e.js:2
(anonymous) @ vendor.594b2a39cb22b445205e.js:2
exports.unstable_runWithPriority @ vendor.594b2a39cb22b445205e.js:2
Ua @ vendor.594b2a39cb22b445205e.js:2
Za @ vendor.594b2a39cb22b445205e.js:2
Va @ vendor.594b2a39cb22b445205e.js:2
uc @ vendor.594b2a39cb22b445205e.js:2
Zc @ vendor.594b2a39cb22b445205e.js:2
exports.render @ vendor.594b2a39cb22b445205e.js:2
(anonymous) @ index.jsx:38
window.onload @ index.jsx:54
load (async)
95eaLShZ @ index.jsx:49
o @ bootstrap:63
(anonymous) @ bootstrap:198
(anonymous) @ app.333c3fdac03b8317da4b.js:2

Howdy–are you accessing the node through a reverse proxy at all?

No proxy. Possible that I am missing a new graylog setting…

Hmmm, the only thing that I’m seeing in my config is:

#### Enable CORS headers for HTTP interface
#
# This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
# This is enabled by default. Uncomment the next line to disable it.
http_enable_cors = true

Maybe try that if it’s not presently enabled?

That was the checkbox!! Thank you! Turns out that settings commented out in config files show up as dark blue… which is hard for old man eyes to read …