Allow configuring Access-Control-Allow-Origin header #535
Labels
area/auth
App authentication related issues
good first issue
Up for grabs
scope/backend
Related to backend changes
status/triage/completed
Automatic triage completed
type/enhancement
An enhancement/improvement to an already existing feature
Is your proposal related to a problem?
No response
Describe the feature you're interested in
I'd like to be able to define a custom Access-Control-Allow-Origin header value, in order to restrict other websites from accessing my deployment of Kafka-UI APIs.
The header value is currently hardcoded to * in CorsGlobalConfiguration.java. It'll be nice if this was configurable via Spring properties.
Describe alternatives you've considered
I considered mutating the header at the load balancer level. Unfortunately, I'm using an AWS ALB load balancer and I don't think this feature is supported. At least, not via the Kubernetes ALB ingress controller.
Kafka-UI with oauth2 does prevent cross-origin requests because;
AND
But as a defense-in-depth approach, it would still be good to control the value of the Access-Control-Allow-Origin header.
Version you're running
8c70126
Additional context
No response
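One way the requested behaviour could look in a Spring WebFlux application, as an added example rather than Kafka-UI's own code. The class name and the `cors.allowed-origins` property are hypothetical; the Spring classes used are the framework's standard CORS support.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

// Added example: class and property names are hypothetical.
@Configuration
public class ConfigurableCorsConfiguration {

  // Comma-separated list of exact origins (scheme://host[:port]), e.g.
  //   cors.allowed-origins=https://kafka-ui.example.com
  // The default is empty, so no cross-origin access is granted unless
  // an operator lists origins explicitly.
  @Bean
  public CorsWebFilter corsWebFilter(
      @Value("${cors.allowed-origins:}") String rawOrigins) {

    List<String> origins = Arrays.stream(rawOrigins.split(","))
        .map(String::trim)
        .filter(o -> !o.isEmpty())
        .collect(Collectors.toList());

    CorsConfiguration config = new CorsConfiguration();
    // Only a request whose Origin matches an entry gets that origin
    // echoed back in Access-Control-Allow-Origin (with Vary: Origin).
    // With an empty list, cross-origin requests are rejected.
    config.setAllowedOrigins(origins);
    config.setAllowedMethods(
        List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
    config.setAllowedHeaders(List.of("Content-Type", "Authorization"));
    config.setMaxAge(3600L); // preflight cache lifetime in seconds

    UrlBasedCorsConfigurationSource source =
        new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", config);
    return new CorsWebFilter(source);
  }
}
```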