4

I am trying to write data to Splunk with a jQuery script running in a browser. I already have the following in my 'inputs.conf' file: 

crossOriginSharingPolicy = *

However, the error I'm getting is: 

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myserver.myco.com:8088/services/collector/event.  
(Reason: missing token 'content-type' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel).

I have not found a way to set the 'Access-Control-Allow-Headers' from Splunk.

Here is a snippet of the JS code, although I'm not sure it is even necessary to show it (the commented lines are things I tried in desperation, but they made no difference): 

    var dfr = $.ajax({
        url: config.endpoint,
        method: 'post',
//      headers: {
//          "Access-Control-Allow-Origin" : "*",
//          "Access-Control-Allow-Methods" : "GET,POST,PUT,DELETE,OPTIONS",
//          "Access-Control-Allow-Headers": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
//      },
//      crossDomain: true,
        beforeSend: function (xhr) {
            xhr.setRequestHeader("Authorization", header);
        },
        data: JSON.stringify({ event: post }),
        contentType: "application/json; charset=utf-8",
        dataType: "json"
    });

Any suggestions? Do I need to access Splunk via a proxy?

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Westy
  • 707
  • 2
  • 10
  • 23

1 Answers1

2

You probably need to set contentType: application/x-www-form-urlencoded and format your data as that (that is, basically just like a normal query string: name-value pairs with the name followed by = and then the value, with the name-value pairs separated from each other by &).

That’s because it seems Splunk doesn’t support application/json requests at all.

Discussion elsewhere indicates it expects POSTs to be application/x-www-form-urlencoded.

But that’d only fix the content-type problem. Because your request sends an Authorization request header, that will also on its own trigger a trigger a CORS preflight OPTIONS request.

And if the Access-Control-Allow-Headers header Splunk sends back doesn’t include Authorization, then you’re gonna run into the same problem you had with Content-Type.

Dunno though, maybe behind the scenes Splunk already includes Authorization in the set of header names it sends back in the Access-Control-Allow-Headers response header.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197