Cross-Origin Resource Sharing Policy
Cross-Origin Resource Sharing (CORS) is a feature that protects users against a variety of common attacks such as Cross-Site Scripting (XSS). It does this by controlling whether content from third-parties can be rendered in the browser jointly with content from the server. Specifically, web servers that use CORS add an HTTP header,
access-control-allow-origin, that specifies which domains are allowed to provide content. For more information about how CORS works, search for "Cross-Origin Resource Sharing" on Wikipedia.
By default, the (DSP) has a permissive CORS policy that does not restrict which third-party domains can provide content. This is because DSP is deployed and operated on customer-owned IT resources, so the permissive CORS policy ensures that your DSP deployment can operate in tandem with other resources already present in your IT estate. After installing DSP, you can configure the appropriate CORS policy to fit your own needs. Best practices are to configure a "least privilege" CORS policy to only allow content from the particular domains that you require have access to DSP.
Restrict DSP UI access by enforcing a stricter CORS policy
Perform the following steps from the working directory of a master node to enforce a stricter CORS policy.
- Specify that you want to enforce a stricter CORS policy.
./set-config K8S_CHECK_HTTP_ORIGIN true
- List the domains that must have access to the DSP UI.
./set-config K8S_HTTP_ORIGIN_DOMAIN <https://secure-domain.example.com>
- Deploy the changes.
Uninstall the Splunk Data Stream Processor
Secure the DSP cluster with SSL/TLS certificates
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.4, 1.2.5, 1.3.0, 1.3.1
Feedback submitted, thanks!