0

I installed ElasticSearch on my Ubuntu server and it seems to be working correctly when I do the cURL command. However, when I use the ElasticSearch URI using Ajax I get the following error: net::ERR_BLOCKED_BY_CLIENT Here's how my Ajax request looks like:

const QUERY_URL = "http://localhost:9200/topics/_search?q=name:" + QUERY
    + "*&sort=follower_count:desc&size=5";

$.ajax({
    type: 'GET',
    url: QUERY_URL,
    success: function (data) {
        console.log(data);
    },
    error: function (xhr) {
        if (xhr.status === 0) {
            showSnackBarMessage("Can't communicate with server");
        }
    }
});

I tried using POST instead of GET. I also tried changing localhost to its I.P equivalent. However, nothing seems to be working. I keep on getting the same error. Is there a way to solve this without opening my ElasticSearch API to the world?

user2896120
  • 3,180
  • 4
  • 40
  • 100

1 Answers1

0

HINT: NEVER EXPOSE ELASTIC TO THE INTERNET DIRECTLY DUE TO SECURITY REASONS!

The error is in the client (your browser/your code) because the CORS settings prevents you to call resources from another host than your website (the port might be different, right?). For Example, your website is running at localhost:8080 and you need to ajax localhost:9200 will lead into net::ERR_BLOCKED_BY_CLIENT

You need to handle CORS in your client/jquery properly and maybe define some CORS-related settings in elasticsearch HTTP network

ibexit
  • 3,465
  • 1
  • 11
  • 25
  • That question is for 2 different servers, however, for the same server it should work. Locally, it works. However, I think it's due to the fact that I'm running the application with a server that has an SSL certificate. I'm not sure if that's the reason though. I tried enabling cors and everything on the ElasticSearch side. Still nothing. – user2896120 Aug 18 '20 at 23:43
  • The website is https and elastic http? That's also not allowed in modern browsers – ibexit Aug 18 '20 at 23:45
  • Yes, the website is https and Elastic is http. I think the issue is there – user2896120 Aug 18 '20 at 23:46
  • Search SO for 'Mixed content', should lead you to the solution. – ibexit Aug 18 '20 at 23:49
  • Disabling it in Chrome? Is that the solution? – user2896120 Aug 19 '20 at 00:01
  • Only if you need it working just for you... Why nit enabling ssl on eladticsearch or disable ssl, or even better on, the website for development? – ibexit Aug 19 '20 at 00:07
  • I need it for everyone since it's in production. How do I enable SSL on ElasticSearch? – user2896120 Aug 19 '20 at 00:07
  • Again: do not expose elastic directly to the public internet. It is just a matter of time until someone start tampering your data. – ibexit Aug 19 '20 at 00:08
  • But how would I fix this issue? – user2896120 Aug 19 '20 at 01:17
  • Thats easy: https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html – ibexit Aug 19 '20 at 08:19