Hi,
I’m trying to reach the REST API using a webapp.
I’m encountering CORS errors. I set http_enable_cors to true but it did not change anything.
I’m using Graylog 4.0.9 ova.
My requests using XmlHttpRequest are blocked:
Access to XMLHttpRequest at 'http://192.168.1.15:9000/api/search/universal/relative' from origin 'http://xxx:' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
This is what my request looks like:
```javascript
let xhttp = new XMLHttpRequest();
xhttp.open("GET", "http://192.168.1.15:9000/api/search/universal/relative", false);
xhttp.setRequestHeader('Access-Control-Allow-Origin', '*');
xhttp.setRequestHeader("X-Requested-by", "XMLHttpRequest");
xhttp.setRequestHeader("Accept", "application/json");
xhttp.setRequestHeader("Authority", "Basic "+btoa("admin:PX9tLvLL"));
xhttp.send({
    "query":"_id:92586bc0-a9f6-11ec-943d-000c296b6849",
    "range":0,
    "decorate":true
});
console.log(xhttp.responseText);
```
Update:
I tried to modify the nginx conf by adding:

```
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Methods' '*';
```

Then I get a 401 Unauthorized error.
I don’t understand this behavior because the request works when I’m using Postman. I guess the problem comes either from my XMLHttpRequest, the CORS config, or both.
Update 2:
I reset the server.conf and now I only get 401 errors with the exact same request, which works in Postman.
I guess the problem all comes from CORS and the navigator’s security and its pre-fetch OPTION requests. I saw they are mandatory for any “complex” request, such as one with an unusual header like “X-Requested-by” (which is also mandatory for Graylog calls).
I’ll try to make a homemade Python API that I’ll use as a proxy for requesting the Graylog API directly.
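The preflight behaviour behind the error message above, as an added example that is not part of the original post: a simplified model of the Fetch standard's CORS-preflight header and origin check, run on the header names from the post's request (Postman is not a browser and performs no such check). The origin `http://webapp.example`, the `explicitList` response and the helper names `unsafeHeaderNames` and `preflightCheck` are constructed assumptions.

```javascript
// Added example: header-name and origin part of the CORS-preflight check (simplified).
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "range"]);
const SAFE_CONTENT_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Header names that force a preflight and are sent in Access-Control-Request-Headers.
function unsafeHeaderNames(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n === "content-type") return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
      return !SAFELISTED.has(n);
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

function preflightCheck(req, res) {
  const unsafe = unsafeHeaderNames(req.headers);
  const problems = [];
  if (unsafe.length === 0 && SAFE_METHODS.has(req.method)) return { preflight: false, unsafe, problems };
  const allowed = list(res["access-control-allow-headers"]);
  // "*" is a wildcard only for requests without credentials, and never covers Authorization.
  const wildcard = allowed.includes("*") && !req.withCredentials;
  for (const name of unsafe) {
    if (!allowed.includes(name) && !(wildcard && name !== "authorization")) problems.push(`header ${name} not allowed`);
  }
  const acao = res["access-control-allow-origin"];
  if (acao !== req.origin && !(acao === "*" && !req.withCredentials)) problems.push("origin not allowed");
  return { preflight: true, unsafe, problems };
}

// Constructed inputs. Header names are those set in the post's XMLHttpRequest;
// the origin and the explicitList response are assumptions for illustration.
const postRequest = {
  method: "GET", origin: "http://webapp.example", withCredentials: false,
  headers: { "Access-Control-Allow-Origin": "*", "X-Requested-by": "XMLHttpRequest",
             "Accept": "application/json", "Authority": "Basic <redacted>" },
};
const explicitList = { "access-control-allow-origin": "http://webapp.example",
                       "access-control-allow-headers": "Authorization, Content-Type, X-Requested-By" };
// The four add_header values from the post's nginx change.
const nginxWildcard = { "access-control-allow-origin": "*", "access-control-allow-credentials": "true",
                        "access-control-allow-headers": "*", "access-control-allow-methods": "*" };

console.log(preflightCheck(postRequest, explicitList).problems);
console.log(preflightCheck(postRequest, nginxWildcard).problems);
```

The second call reports no problems, so under the wildcard configuration the preflight passes and the request is sent with an `Authority` header; HTTP Basic credentials are carried in the `Authorization` header, which `*` never covers and which therefore has to be listed by name.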