Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9200/test12/test3/_search?pretty

Question

I have an autocomplete jquery function with ElasticSearch. I'm getting the following error when typing the first letter in.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9200/test12/test3/_search?pretty. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Here is the code

$(function () {
    $("#keyword").autocomplete({
        source: function (request, response) {
            $.ajax({
                 url: "http://localhost:9200/test12/test3/_search?pretty",
                data: "q=firstname:" + request.term +"*" , 
                dataType: "json", 
                type: "POST", 
                headers: {
                'Access-Control-Allow-Origin':  'http://localhost'
            },
                crossDomain: true,    
                jsonpCallback:"callback", 
                contentType: "application/json; charset=utf-8",
                success: function (data) {
                    console.log(data); 
                    response($.map(data.d, function (item) {
                        return {


                            label: item.split('-')[0],
                            val: item.split('-')[1]
                        }
                    }))
                },
                error: function (response) {
                    alert('error'+ response.responseText);
                },
                failure: function (response) {
                    alert('failure'+response.responseText);
                }
            });
        },
        select: function (e, i) {
            $("[id$=keyword]").val(i.item.val);
        },
        minLength: 1
    });
});

I also tried 'Access-Control-Allow-Origin': '*' it didn't work.

When I try jsonp instead of json, I get

syntax error (which is normal, since my code expects json not jsonp stuff)

on the SERVER: I did,

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin$
/etc/apache2/apache2.conf

STILL did not solve the problem

The `Access-Control-*` headers are **response** headers. They need to come from the server — Phil, Oct 26 '16 at 04:15
Possible duplicate of ["No 'Access-Control-Allow-Origin' header is present on the requested resource"](http://stackoverflow.com/questions/20035101/no-access-control-allow-origin-header-is-present-on-the-requested-resource) — Phil, Oct 26 '16 at 04:16
Enable cross origin support on your SERVER. The browser will not allow a cross origin request unless the server allows it. — jfriend00, Oct 26 '16 at 04:16
tried that!!Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age "1000" on /etc/apache2/apache2.conf — bkl, Oct 26 '16 at 04:19

score 5 · Answer 1 · edited Apr 02 '21 at 11:39

5

Use a browser addon that allows the user to enable CORS everywhere by altering http responses.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/

Chrome: https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf/

Safari: No need to install any add-on, just go to Develop > Disable Cross-origin Restrictions. If you don't have the Develop menu in Safari, follow this instructions:

edited Apr 02 '21 at 11:39

Ahmed Akhtar

1,444
1
16
28

answered Nov 07 '16 at 22:34

nvhdab

85
7

2

So you tell all your visitors they have to install something on their browser? That's not an answer! – MC9000 May 27 '20 at 08:14
3

@MC9000 The context of this question (and of my answer) is testing in a local machine, most probably for development purposes. Thus, in this particular context my answer is a suggestion based on what I did to solve my local development environment. This has nothing to do on what and how I deploy to production environments, which is out of the scope of this question. That said, you are most welcome to propose your own answer... that's the whole idea of Stack Overflow. – nvhdab May 28 '20 at 16:55
This solution sounded promising, but did not solve the issue for me. I am still getting the same errors on the console. I will get back to this post if I find a solution elsewhere. – Johannes Jan 26 '21 at 17:09
1

Worked for me, for testing at least. – Ahmed Akhtar Apr 02 '21 at 13:07
Thanks @Ahmed, the solution suggested is only for testing purposes. You could also setup a proxy server. In any case, production environments need another setup altogether. – nvhdab Apr 03 '21 at 15:20

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9200/test12/test3/_search?pretty

1 Answers1