Hi Guys,
Is there a setting in snowplow ETL that allows incoming request to the collector from only a list of particular domains? For security purposes, I want the collector to acknowledge and log event data from my domain. eg: anything from x.mydomain.com/abc but if someone sends event from y.otherdomain.com, it should not log that event data.
Thanks in advance for your help
This doesn’t exist yet but there’s an issue in Github to track similar functionality for the Scala stream collector. It doesn’t look like a large piece of work so if you know any Scala I’m sure many people would be grateful for the addition!
There is any workaround/best practice for this issue?
If I have collector endpoint public what I can do?
I put the domain in Crossdomain configuration, but it seems the collector continues to accept requests from any domain.
Thanks
Hey @Fabio_Santos! Beyond contributing the required code to the Stream Collector to handle this case the other workaround would be to put a proxy in front of the collector that could handle the CORS configuration you are after.
If you leveraged something like NGINX in front of the collector you should be able to define whatever CORS headers you need for your use case.
Hope this helps!
Thank you @josh.
Regards,
Fábio Santos