CORS error when sending get reuqest from angular 6 app to elasticsearch, even when its allowed


0 down vote favorite

I have an angular 6 app that sends http requests to elasticsearch DB.

The angular app, nodejs server (that serves the angular app) and elasticsearch are hosted on the same machine, and the browser is on a different machine. The client points to the nodejs IP address using the browser.

The requests are being sent with httpClient from angular (not using any nodejs or expressjs software), and without allowing CORS request with third party package (Chrome and Firefox) or by changing the browser settings (IE 11) the browser doesn't allow the request to go out, and gives me CORS errors.

I want things to work without any adjustments, so I added the following configuration to elasticsearch.yml:

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With,X-Auth-Token,Content-Type, Content-Length"

And just in case I added the following lines to my nodejs server:

app.use('*', function(req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Content-Type');

The request is sent via service in the angular app, and its simple:

    return this.http.get(`${this.full_elastic_url}/_cat/indices?format=json`)

When I don't enable CORS with chrome/firefox/IE11 I get this message when the request is sent:

Firefox: enter image description here

Chrome: enter image description here

IE: enter image description here

I don't understand what am I doing wrong. I'm enabling CORS in every place that online answers recommended in order to solve this issue, but still - the browser blocks my reuqest.

Why can't I bypass this error?

How can applications, such as kibana, do this without any problem, but my angular app canno't?

Does anyone here has a magic solution for me?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.