Splunk® Data Stream Processor

Install and administer the Data Stream Processor

Acrobat logo Download manual as PDF


On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see the Upgrade the Splunk Data Stream Processor topic.
Acrobat logo Download topic as PDF

Cross-Origin Resource Sharing Policy

Cross-Origin Resource Sharing (CORS) is a feature that protects users against a variety of common attacks such as Cross-Site Scripting (XSS). It does this by controlling whether content from third-parties can be rendered in the browser jointly with content from the server. Specifically, web servers that use CORS add an HTTP header, access-control-allow-origin, that specifies which domains are allowed to provide content. For more information about how CORS works, search for "Cross-Origin Resource Sharing" on Wikipedia.

By default, the (DSP) has a permissive CORS policy that does not restrict which third-party domains can provide content. This is because DSP is deployed and operated on customer-owned IT resources, so the permissive CORS policy ensures that your DSP deployment can operate in tandem with other resources already present in your IT estate. After installing DSP, you can configure the appropriate CORS policy to fit your own needs. Best practices are to configure a "least privilege" CORS policy to only allow content from the particular domains that you require have access to DSP.

Restrict DSP UI access by enforcing a stricter CORS policy

Perform the following steps from the working directory of a master node to enforce a stricter CORS policy.

  1. Specify that you want to enforce a stricter CORS policy.
    ./set-config K8S_CHECK_HTTP_ORIGIN true
    
  2. List the domains that must have access to the DSP UI.
    ./set-config K8S_HTTP_ORIGIN_DOMAIN <https://secure-domain.example.com>
    
  3. Deploy the changes.
    ./deploy
    
Last modified on 29 October, 2021
PREVIOUS
Uninstall the Splunk Data Stream Processor
  NEXT
Secure the DSP cluster with SSL/TLS certificates

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.4, 1.2.5, 1.3.0, 1.3.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters