8

hi am running Elasticsearch version 2.3 and i have an Angular code to query like a search.when i run it i am getting this error even with http.cors.enabled set to true and also with http.cors.allow-origin to /https?:\/\/localhost(:[0-9]+)?/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9200/elastic/_search?size=50. This can be fixed by moving the resource to the same domain or enabling CORS

i don't understand what the problem is.

my request headers.

    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Pragma: no-cache
Origin: http://127.0.0.1:8100
Host:   localhost:9200
Connection: keep-alive
Cache-Control:  no-cache
Access-Control-Request-Method:  POST
Access-Control-Request-Headers: content-type
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

my console looks like this. enter image description here

but if i put the request directly in the browser like this..i get correct output.

enter image description here

NEz
  • 141
  • 1
  • 1
  • 12
  • Are you loading your page via the file:/// protocol or is it served by a web server on localhost? A similar issue can be found [here](http://stackoverflow.com/questions/36907355/elasticsearch-cross-origin-request-blocked-despite-configuring-http-module/36907386#36907386) – Val May 23 '16 at 07:00
  • 1
    via file://...does this make a difference??? – NEz May 23 '16 at 07:02
  • If you read the link I shared you'll see it makes a difference since the Origin is null when loaded from the filesystem. You might get away by upgrading to 2.3.3 as I think they have fixed that CORS issue. – Val May 23 '16 at 07:04
  • 1
    i tried running by installing a simple http server. but still its the same problem and i am running Elasticsearch 2.3.3 – NEz May 23 '16 at 07:40
  • Can you update your question with the request headers you have in the HTTP request + response? – Val May 23 '16 at 07:45
  • this is my request headers.. – NEz May 23 '16 at 08:06
  • What happens if you hit `http://localhost:8100` instead of `http://127.0.0.1:8100`? – Val May 23 '16 at 08:08
  • its still the same problem... – NEz May 23 '16 at 08:11
  • I'm pretty sure there are tonnes of these questions flying around, it may be worth putting in a broad search on elastic search and cors – Callum Linington May 23 '16 at 08:17
  • none of the answers seemed to help which i found in other forums. – NEz May 23 '16 at 08:21
  • finally solved it...i changed http.cors.allow-origin to "*" and somehow it worked – NEz May 23 '16 at 10:16

2 Answers2

23

I've solved the problem by adding these lines to my yml, then restarting ES.

 http.cors.enabled : true
 http.cors.allow-origin: "*"
 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
 http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
 http.cors.allow-credentials: true
Josué Zatarain
  • 741
  • 4
  • 21
1

If you don't want to modify the elasticsearch.yml, you can use this Chrome extension to disable the CORS.

Mahdi DIF
  • 161
  • 1
  • 10
  • 3
    This is good only for debugging, not viable solution to ask all of your users to install a Chrome extension to disable CORS. – Botond Kopacz Apr 23 '20 at 18:52