Getting CORS (Cross Origin Resource Sharing) issue (Druid 0.14.2)


We have a use case, wherein a web application is calling the Druid Broker Query API (ajax call), and we are running into the below CORS issue:

CORS No ‘Access-Control-Allow-Origin’ header is present on the requested resource

I did not find any configuration in Druid documentation to get past this issue (unless I missed anything). Could someone please help me here. We are using 0.14.2 version of Druid




Any suggestions here?




There’s a good discussion in the following URL. It looks like a CORS extension is available, or, you can configure upstream if you’re using a load balancer.

Thank you JB for pointing me towards the discussion thread. It says that allows CORS has security implications.

What are the security issues that we will run into if CORS is enabled?



I was following this thread closely for CORS error facing while querying druid from browser.

I was able to perform below steps:

  1. Loaded the cors filter extension with below command
java \
  -cp "lib/*" \"extensions" \
  -Ddruid.extensions.hadoopDependenciesDir="hadoop-dependencies" \
  org.apache.druid.cli.Main tools pull-deps \
  --no-default-hadoop \
  -c "net.acesinc.druid.extensions:cors-servlet-filter:1.0.0"
  1. This created a new extension cors-servlet-filter in extensions folder with related jars

  2. I set the below field option to true


  1. I was able to start the druid cluster successfully

I still see CORS error while querying data

Could you help me out here if i am missing any step

Hi Shashank,

I tried the same steps you mentioned, and my CORS issue still persists.

It would be super helpful if someone could help us with the resolution for this issue?

Were you able to get this to work?

One work around we are currently trying to use is a cors proxy nodejs server. The browser query requests reach this server before redirecting to druid api.

Attaching the cors proxy server code link below:



Yes, we did the same thing and ended up writing a server side proxy server.