Confluent Kafka REST Proxy CORS - Tuong-Nguyen/Angular-D3-Cometd GitHub Wiki
1. CORS
Cross-Origin Resource Sharing (CORS) is a W3C spec that allows cross-domain communication from the browser. By building on top of the XMLHttpRequest object, CORS allows developers to work with the same idioms as same-domain requests.
A resource makes a cross-origin HTTP request when it requests a resource from a domain or port which is different from the one which the first resource itself serves.
For example, we have an HTML page served from http://domain-a.com, beside that, it contains resources like CSS stylesheets, images or something else from http://domain-b.com. When we load resources from domain-b, it make a cross-origin HTTP request.
Generally, for security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. So, a web application using XMLHttpRequest or Fetch could only make HTTP requests to its own domain.
The Cross-Origin Resource Sharing (CORS) mechanism gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Modern browsers use CORS in an API container - such as XMLHttpRequest or Fetch - to mitigate risks of cross-origin HTTP requests.
2. Configuration CORS Confluent Kafka
In confluent folder, type command:
nano ./etc/kafka-rest/kafka-rest.properties
Then the kafka-rest.properties file is open, edit it by adding:
access.control.allow.origin=*access.control.allow.methods=GET,POST,PUT,DELETE,OPTIONS,HEAD
Further more, http://docs.confluent.io/current/kafka-rest/docs/config.html
Confluent 3.2.1 - Testing:
Confluent Kafka REST proxy does not return Allow-Controll-Allow-Origin for GET request even though it is configured. (An issue is raised - https://github.com/confluentinc/kafka-rest/issues/308).
A workaround is not set Content-Type for GET request, browser does not check CORS for this GET request. Otherwise, browser will reject the response when it does not contain valid Allow-Controll-Allow-Origin.