Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
In Druid 0.12 there is no endpoint for OPTIONS queries. Thus it is impossible to run CORS queries. #5588
We receive such HTTP query errors (403 return code):
While running CORS HTTP POST query, there is a pre-flight request which is of OPTION type.
Is is missing @options endpoint in QueryResource class
The following extensions exists which I believe will enable CORS -> https://github.com/acesinc/druid-cors-filter-extension
Although I'm not sure that it's a common use case because of the security implications of querying Druid directly from the browser.
It worked on version 0.10 with some headers modification on load balancer in front of druid brokers. Load balancer is configured to add CORS headers to all responses so the cors-filter-extension is not needed.
In version 0.12 there is a new PreResponseAuthorizationCheckFilter in the end of filters chain. It checks for AuthConfig.DRUID_AUTHORIZATION_CHECKED servlet context attribute and if the attribute is not set - returns 403.
The problem is that for OPTIONS request there is no handler responsible for setting servlet attribute AuthConfig.DRUID_AUTHORIZATION_CHECKED. Even if the security is not enabled at all.