Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

Solved Go to solution
Highlighted

CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

I have NiFi flow exposed as REST endpoint using ListenHTTP processor. I am able to access the REST endpoint using java client with no issues but when I tried accessing the same endpoint using web application (html/javascript) I am getting following exception.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <REST end point>. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

I am able to resolved this by using XMLHttpRequest object event handlers on the client side application.

View solution in original post

8 REPLIES 8
Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

I am able to resolved this by using XMLHttpRequest object event handlers on the client side application.

View solution in original post

Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

Hello Milind,

I have run into the same issue and I do not see way how to set 'Access-Control-Allow-Origin' header in ListenHTTP processor.

"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://XXX' is therefore not allowed access." Could you please share more details how you solved it? Thanks,

Tomas

Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

I managed to solve it with jQuery like this:

$.ajax({
    url: url,
    type: "POST",
    crossDomain: true,
    data: data,
    dataType: "json",
    success:function(result){
        alert(JSON.stringify(result));
    },
    error:function(xhr,status,error){
        alert(status);
    }
});
Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

The previous was not quite correct - still some errors in browser. Finally I solved it using handleHttpRequest and handleHttpResponse porocessor the latter one returning custom header (aka custom property)access-control-allow-origin:*

Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

Hi All, Please let me know validation checkpoints to do this. Still not able to figure out .

Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

I'm glad you were able to find a workaround. But if I understand the solution correctly, then we must use JQuery and abandon hopes of using the Fetch API? I would like to use CORS for the added security and feel like this is not a holistic solution. The root issue seems to be that NiFi admins cannot add origins. Is this really the only option?

Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor
Hi All, I allowed access via custom attribute in httpresponse but still having CORS Policy issue, Please let me know what all checks are required to validate it .
Highlighted

Re: CORS header 'Access-Control-Allow-Origin' missing exception invoking NiFi flow rest endpoint.

New Contributor

Hi,

 

I added the following on the handle response processor:

 

Access-Control-Allow-Headers: Content-Type

Access-Control-Allow-Methods: POST

Access-Control-Allow-Origin: *

 

I also had to allow the options method in the handle http request processor and respond to the options request with this header. You could use wildcards for everything if you are testing.

 

The browser does a preflight options request for cross origin requests. It does this if it is not classified as a simple request: https://stackoverflow.com/a/40373949/3359365

 

So if you set the content-type to application/json on the client for a cross origin post the browser will check if the server supports it with the options request.

Don't have an account?
Coming from Hortonworks? Activate your account here