-
-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuring Access-Control-Allow-Origin header #535
Comments
Hi PhilGrayson-flutterint! 👋 Welcome, and thank you for opening your first issue in the repo! Please wait for triaging by our maintainers. As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. If you plan to raise a PR for this issue, please take a look at our contributing guide. |
Hey @Haarolean ! I went through the problem statement, and I believe it's an important enhancement for controlling access via CORS. I'm really interested in contributing a solution here. Instead of hardcoding the value of Access-Control-Allow-Origin, we could use the @value annotation to dynamically fetch the value from a configuration property, making it more flexible. I'm new towards contributing in open source, any guidance will be helpful here !! |
@aditya-baldwa sure, please. Instead of using a bunch of |
@Haarolean Thank you for the feedback! I'll implement the solution using a new configuration class with I'll proceed with this approach and submit a PR soon. Any other guidance or details you'd like me to keep in mind would be appreciated! |
Hey @Haarolean, a friendly follow up here. How are we progressing with the review of the PR |
Issue submitter TODO list
Is your proposal related to a problem?
No response
Describe the feature you're interested in
I'd like to be define a custom Access-Control-Allow-Origin header value, in order to restrict other websites from accessing my deployment of Kafka-UI APIs.
The header value is currently hardcoded to
*
in CorsGlobalConfiguration.java.It'll be nice if this was configurable via spring properties.
Describe alternatives you've considered
I considered mutating the header at the load balancer level. Unfortunately, I'm using an AWS ALB load balancer and I don't think this feature is supported. At least, not via the Kubernetes ALB ingress controller.
Kafka-UI with oauth2 does prevent cross-origin requests because;
AND
But as a defense-in-depth approach, it would still be good to control the value of Access-Control-Allow-Origin header.
Version you're running
8c70126
Additional context
No response
The text was updated successfully, but these errors were encountered: