I’ve tried to configure the ARI in asterisk for internal use, setting the allowed_origins to only an internal network. However this caused that the asterisk stopped to receive calls from upstream SIP peer, but ARI seems to be available from anywhere. Could someone explain what this option really does? It looks like it is not limiting the ARI reachability, but origins for other services. Do I missunderstand the ARI manual “A comma separated list of allowed origins for Cross-Origin Resource Sharing.”?
It only configures CORS for the HTTP requests received by the ARI functionality. If SIP stopped working, then that is unrelated.
Yep, I was looking in the code and it checks the origin in http header i.e. it is not preventing this port to be reachable with probes or other requests without a header. But I yet have to find details how this could incfluence the SIP as this does not make much sense to me too…