Skip to content

CORS support for API endpoints #1992

Description

@DougTidwell

Is your feature request related to a problem? Please describe.
API Endpoints let you create REST endpoints from SQL statements. But due to CORS issues, you can't use that endpoint in a web app without a proxy in front of ClickHouse. The ClickHouse server lets you define a single CORS header for the server, but you can't define anything for an endpoint.

Describe the solution you'd like
A way to define a list of domains that are allowed to connect to the API endpoint. For each one, there should be a way to define (or generate) the related configuration details, such as Access-Control-Allow-Origin and Access-Control-Allow-Methods headers and any needed handlers for the HTTP OPTIONS verb.

Describe alternatives you've considered

  • The ham-fisted alternative is to put something like a simple nginx proxy in front of the ClickHouse server to handle the CORS requests. That works, but it's one more thing to build and maintain.
  • ClickHouse Cloud has added this feature to their version of API Endpoints (see their documentation for details; screen caps of their interface aren't included).
  • You can also set up an <http_handler> and use ClickHouse to deploy your web app. That involves storing HTML in a table or putting the source of a web page in a CDATA section in the XML config. And that only solves the CORS problem if you're hosting the web app yourself. If someone has a web app hosted elsewhere that uses API endpoints to display data from your ClickHouse server, this doesn't work at all.

Additional context
The NYC Taxi Demo on the Altinity Demos page was deployed using an <http_header> to serve an HTML page. Because the web app and the database are on the same machine, there aren't any CORS issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions