9

hi am running Elasticsearch version 2.3 and i have an Angular code to query like a search.when i run it i am getting this error even with http.cors.enabled set to true and also with http.cors.allow-origin to /https?:\/\/localhost(:[0-9]+)?/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9200/elastic/_search?size=50. This can be fixed by moving the resource to the same domain or enabling CORS

i don't understand what the problem is.

my request headers.

    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Pragma: no-cache
Origin: http://127.0.0.1:8100
Host:   localhost:9200
Connection: keep-alive
Cache-Control:  no-cache
Access-Control-Request-Method:  POST
Access-Control-Request-Headers: content-type
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

my console looks like this. enter image description here

but if i put the request directly in the browser like this..i get correct output.

enter image description here

NEz
  • 151
  • 1
  • 1
  • 13
  • Are you loading your page via the file:/// protocol or is it served by a web server on localhost? A similar issue can be found [here](http://stackoverflow.com/questions/36907355/elasticsearch-cross-origin-request-blocked-despite-configuring-http-module/36907386#36907386) – Val May 23 '16 at 07:00
  • 1
    via file://...does this make a difference??? – NEz May 23 '16 at 07:02
  • If you read the link I shared you'll see it makes a difference since the Origin is null when loaded from the filesystem. You might get away by upgrading to 2.3.3 as I think they have fixed that CORS issue. – Val May 23 '16 at 07:04
  • 1
    i tried running by installing a simple http server. but still its the same problem and i am running Elasticsearch 2.3.3 – NEz May 23 '16 at 07:40
  • Can you update your question with the request headers you have in the HTTP request + response? – Val May 23 '16 at 07:45
  • this is my request headers.. – NEz May 23 '16 at 08:06
  • What happens if you hit `http://localhost:8100` instead of `http://127.0.0.1:8100`? – Val May 23 '16 at 08:08
  • its still the same problem... – NEz May 23 '16 at 08:11
  • I'm pretty sure there are tonnes of these questions flying around, it may be worth putting in a broad search on elastic search and cors – Callum Linington May 23 '16 at 08:17
  • none of the answers seemed to help which i found in other forums. – NEz May 23 '16 at 08:21
  • finally solved it...i changed http.cors.allow-origin to "*" and somehow it worked – NEz May 23 '16 at 10:16

4 Answers4

28

I've solved the problem by adding these lines to my yml, then restarting ES.

 http.cors.enabled : true
 http.cors.allow-origin: "*"
 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
 http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
 http.cors.allow-credentials: true
Josué Zatarain
  • 791
  • 6
  • 21
1

Here is an example of the elastic cloud if someone needs it.

https://docs.elastic.co/search-ui/tutorials/elasticsearch

http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept, x-elastic-client-meta
Musab Dogan
  • 1,811
  • 1
  • 6
  • 8
0

If you don't want to modify the elasticsearch.yml, you can use this Chrome extension to disable the CORS.

bfontaine
  • 18,169
  • 13
  • 73
  • 107
Mahdi DIF
  • 159
  • 1
  • 10
-2

For developing purposes, one can use the Chrome extension Allow CORS: Access-Control-Allow-Origin as @Mahdi pointed out. The extension adds (Access-Control-Allow-Origin: *) rule to the response headers.

Stefan
  • 7
  • 3