Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CORS headers to allow JavaScript applications direct access #335

Closed
iconara opened this issue Sep 11, 2014 · 4 comments · Fixed by #558
Closed

Add CORS headers to allow JavaScript applications direct access #335

iconara opened this issue Sep 11, 2014 · 4 comments · Fixed by #558
Labels
type/enhancement Proposed improvement or new feature

Comments

@iconara
Copy link
Contributor

iconara commented Sep 11, 2014

As far as I can tell there is no option to enable CORS on the HTTP API. This means that it's not possible to write a JavaScript application that interacts with a Consul agent without also writing a backend for it to tunnel requests through, or making the Consul agent itself serve the application.

I can see how some would prefer not to have CORS enabled by default, but an option to enable it would be very welcome.

Here's an some examples of what I would use it for:

  • We have dashboards that visualize metrics and statuses from some of our services. These are "static" JavaScript applications, just HTML, JS and CSS with no backends, which make them very easy to deploy, or run on your own machine, or wherever is convenient. Currently they need configuration that tells them where the services that they visualize are, but being able to load service endpoints from Consul would mean that they would only require the hostname of a single Consul agent to be able to discover everything else.
  • We would also want to build custom visualizations of the data in Consul, for example a dashboard showing the status of all services, or all services with some tag, or other groupings. The Consul UI is a good start, but we have much more knowledge about the details of our system and can build visualizations that are specific to our needs.

Would it be possible to add an option to make the HTTP API set CORS headers?
@pearkes
Copy link
Contributor

pearkes commented Sep 11, 2014

I agree, you should be able to configure what header to set here, keeping the current default of no header.

@armon
Copy link
Member

armon commented Sep 11, 2014

Yeah this is a good idea, we can add this.

@iconara
Copy link
Contributor Author

iconara commented Sep 11, 2014

That's great! Do you need any help? I'm no Go coder, but if you need someone to test it just tell me when.

@armon armon added the type/enhancement Proposed improvement or new feature label Oct 14, 2014
@ceh
Copy link
Contributor

ceh commented Dec 27, 2014

What about adding an object to the configuration which allows the headers to be specified in free form, e.g.:

  {
    "http_api_response_headers": {
        "Access-Control-Allow-Origin": "*",
        "X-XSS-Protection" "1; mode=block",
        "X-Frame-Options": "SAMEORIGIN"
    }
  }

Where each specified header is added as an HTTP header response field on all HTTP API endpoint responses.

I'll compose a proposal since this approach is trivial.

@ceh ceh mentioned this issue Dec 28, 2014
Merged
@armon armon closed this as completed in #558 Jan 5, 2015
duckhan pushed a commit to duckhan/consul that referenced this issue Oct 24, 2021
@lawliet89
Add Affinity and Tolerations to Inject and Sync (hashicorp#335)
42b8065
duckhan pushed a commit to duckhan/consul that referenced this issue Oct 24, 2021
@lkysow
Update to latest serviceresolver code (hashicorp#335)
9f994ed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/enhancement Proposed improvement or new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add ability to specify response headers on the HTTP API
4 participants
@iconara @ceh @armon @pearkes