Influxdb: CORS should be configurable

Created on 28 Dec 2014  路  16Comments  路  Source: influxdata/influxdb

Reviewing https://github.com/influxdb/influxdb/blob/f381697640af34e9f26b875ae8938fe9f7ac4eac/handler.go#L73 it's obvious that CORS is not configurable.

... being able to control the origin and if it's enabled or not would be freaking awesome (and it would help us who reverse proxy influx to give the desired result)

1.x areHTTP kinenhancement preview
Source
picture damm

Most helpful comment

why was this dismissed/closed? It would still be very nice if i could set CORS-headers w/o an additional proxy...

picture Finkregh on 15 Mar 2017
👍6

All 16 comments

Refs #1244

damm picture damm on 28 Dec 2014

Is there any plan to provide reverse-proxy (Nginx for instance) rather than exposing extra ports to the outside and using cross-domain AJAX calls? Ref #1236

ghost picture ghost on 20 Jan 2015

@Sean1e you can reverse proxy now; you just may have to hide a few headers and replace them for everything to work right.

damm picture damm on 20 Jan 2015

Possibly a few rewrites in the admin UI I suspect; might be easier to have nginx listen on 8083/8086 and redirect to 443 ;)

damm picture damm on 20 Jan 2015

@damm what headers are you talking about replacing?

poolski picture poolski on 11 Aug 2015

@poolski you have to hide the CORS headers.

I use Openresty but this is one of my location blocks.

location /db/grafana {
    more_clear_headers 'Access-Control-Allow-Origin';
    more_clear_headers 'Access-Control-Allow-Headers';
    more_clear_headers 'Access-Control-Allow-Methods';
    more_clear_headers 'Access-Control-Max-Age';
   add_header 'Access-Control-Allow-Origin' "$host";
    add_header 'Access-Control-Allow-Credentials' 'true';

It's a little more complicated if the browser hits it with options but at least with Influx 0.8; this was true.

damm picture damm on 11 Aug 2015

+1

yaronr picture yaronr on 20 Feb 2016

why was this dismissed/closed? It would still be very nice if i could set CORS-headers w/o an additional proxy...

Finkregh picture Finkregh on 15 Mar 2017
👍6

Trying to use influxdb with grafana without a proxy inbetween, failing hard because of this.

kaikuchn picture kaikuchn on 5 May 2017

It's pretty trivial but not really googleable I guess... hope this helps those that need it. You will need to apply https://enable-cors.org/server_nginx.html to get cors.

server {
    listen 8087 ssl;
    server_name _;
    ## SSL Settings
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_certificate /etc/ssl/certs/yoursslcert.pem;
    ssl_certificate_key /etc/ssl/private/yourkey.key;
    ssl_dhparam /etc/ssl/private/yourdhparam;
    ## End Settings
    add_header Strict-Transport-Security max-age=1209600;
    access_log /var/log/nginx/influxdb-access.log;
    error_log /var/log/nginx/influxdb-error.log;
    location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
      proxy_pass http://localhost:8086;
      proxy_http_version 1.1;
      proxy_read_timeout 900s;
      proxy_connect_timeout 900s;
      proxy_send_timeout 900s;

     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
      proxy_pass http://localhost:8086;
      proxy_http_version 1.1;
      proxy_read_timeout 900s;
      proxy_connect_timeout 900s;
      proxy_send_timeout 900s;

     }
}

}
damm picture damm on 5 May 2017

should i create another bug report? @jwilder

Finkregh picture Finkregh on 18 May 2017

This was closed because it was labeled for the admin interface which is deprecated and will be removed in the next release. Looks like this issue was really about the query endpoint and not admin. I've reopened it.

jwilder picture jwilder on 18 May 2017
👍2

Hey @jwilder
To tell you the truth, the last time I touched a technical project was over a year ago, when I had a startup of my own. But since then I became a VC, and I have very little time to spare, so even though this is a repository I created, I don't really have the time to maintain it.
If you think this is useful, and want to pitch in - I could give you the privileges to help maintain it.
Otherwise, just implement your changes and I will accept them without testing (please test..)

yaronr picture yaronr on 19 May 2017

Hitting exactly the same problem when trying to access influx db with direct access mode from an https grafana instance, I have no possibility to set it up to proxy mode and no possibility to hack proxies in front of influx, I can only touch the influx db config and would like to avoid to have to setup influx with an https listener. Looking at https://github.com/influxdata/influxdb/blob/master/services/httpd/handler.go#L1420, I think that this todo would not be really hard to implement. disabling these check trough a config flag would save people a lot of time.

Thanks

cmunger picture cmunger on 23 Oct 2017
👍1

Given the recent re-labeling, what is the status of this issue? Is it being put into one of the upcoming milestones?

drewboswell picture drewboswell on 31 Oct 2017

closing due to lack of activity. if this is still needed, please open a new issue with the request.

russorat picture russorat on 16 Feb 2019
👎6
Was this page helpful?
0 / 5 - 0 ratings

Related issues

acarapetis picture acarapetis  路  3Comments
davidgubler picture davidgubler  路  3Comments
shilpapadgaonkar picture shilpapadgaonkar  路  3Comments
jonira picture jonira  路  4Comments
jayannah picture jayannah  路  3Comments