We have been attempting to write a web application that uses the redash API and have been stymied by CORS errors. We have found that the
REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN setting does not consistently affect the presence of CORS headers in the redash responses.
As we looked more closely, we found that the CORS headers are only provided as part of the
query_result endpoint and not as part of any other endpoint in the redash API.
@arikfr, Why is CORS support only partially implemented in Redash v8? This seems like an egregious oversight. Are you planning to fix this in Redash v9?
redash/handlers/query_results.py we see this block of code
class QueryResultResource(BaseResource): @staticmethod def add_cors_headers(headers): if 'Origin' in request.headers: origin = request.headers['Origin'] if set(['*', origin]) & settings.ACCESS_CONTROL_ALLOW_ORIGIN: headers['Access-Control-Allow-Origin'] = origin headers['Access-Control-Allow-Credentials'] = str(settings.ACCESS_CONTROL_ALLOW_CREDENTIALS).lower()
settings.ACCESS_CONTROL_ALLOW_ORIGIN is populated based on the value of the environment variable
REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN. This happens in
# CORS settings for the Query Result API (and possbily future external APIs). # In most cases all you need to do is set REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN # to the calling domain (or domains in a comma separated list). ACCESS_CONTROL_ALLOW_ORIGIN = set_from_string(os.environ.get("REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN", ""))
There are no other references to
settings.ACCESS_CONTROL_ALLOW_ORIGIN anywhere else in the redash code base.
We have verified that if we access the
query_results endpoint from our webapp running on a different host, the 2 CORS headers (
Access-Control-Allow-*) are present in the responses we get from redash. For all other endpoints, these headers are not present. This obviously limits the usefulness of the Redash API.
This inquiry is related to an inquiry posted by my teammate…
- Redash Version: v8
- Browser/OS: chrome/firefox
- How did you install Redash: We run redash as multiple containers from the provided redash Docker Images, either in Amazon ECS or on our workstations.