Elastic API returns 401 from browser client (CORS)

qd-danh · June 3, 2024, 4:30am

I have followed the documentation and enabled CORS on Elastic cluster (hosted in Azure), so edited the elastic YAML via the cloud portal. Shown below.

Calling Elastic APIs from ObservableHQ as the client and getting CORS error response. The client has a "no-cors" setting that I can pass, then I get a 401 Unauthorized. I know I have the correct API key and the API works, since I can make the same exact call from POSTMAN and it succeeds.

Calling Elastic API: GET /my-index/_search

I realize the ObservableHQ client calls are probably very specific to my case. So more of a general question: do you know if there is anything else I should be having to do other than edit elastic.yaml to allow CORS calls?

Following documentation here

Settings in elastic.yaml

Client call in ObservableHQ, Chrome network data

THANK YOU for any advice.

Carlos_D · June 4, 2024, 3:41pm

Hey @qd-danh :

If you want to use regular expressions (other than *} in CORS settings, I believe you need to use forward slashes at the beginning and end of the regex - something similar to:

/https?:\/\/.*\.static\.observableusercontent\.com/

Please check the documentation for the http.cors.allow-origin setting.

Topic		Replies	Views
Error 401-Unauthorized when using js/elasticsearch to query my (Cloud) cluster Elasticsearch	3	5776	April 26, 2017
XMLHttpRequest is not working Elasticsearch elastic-stack-security	2	1203	March 30, 2019
CORS error when sending get reuqest from angular 6 app to elasticsearch, even when its allowed Elasticsearch	1	3686	October 30, 2018
Enable CORS settings in a Self-Managed Azure Cluster? Elasticsearch	1	157	October 25, 2022
Unable to connect via token through the API Elasticsearch	2	374	February 1, 2021

Elastic API returns 401 from browser client (CORS)

Related topics