Hi Team,
We have enabled the CORS with below configuration in Elastic cloud environment which we are using for production.
http.cors.enabled: true
http.cors.allow-origin: /^(https?://).*?(websitename).\w+(.\w+)?$/
http.cors.allow-credentials: true
http.cors.allow-headers: "Access-Control-Allow-Headers, X-Requested-With, Content-Type, Content-Length, Authorization, Access-Control-Allow-Origin"
We are calling the Elastic API's through REACT app,
"Our problem is while loading the website first time which is accessing the Elasticsearch API's, we are getting the CORS problem but after a refresh it is not appearing"
The CORS problem disappears after a refresh not understanding why its happening. Unable to find the root cause
Below mentioned is the CORS ERROR we are getting first time when we access the page:
In Console the error is:
Access to XMLHttpRequest at 'https://xxxxxxxxxxxxxxx.us-central1.gcp.cloud.es.io:portNO/index_name/_msearch' from origin 'https://www.websitename.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
js_yIpFuLeVJAwBBKW7HZWkiUpeFsHq8WIexQKNqxPhqWc.js:70 HTTP Failure in Axios Error: Network Error
at e.exports (js_yIpFuLeVJAwBBKW7HZWkiUpeFsHq8WIexQKNqxPhqWc.js:70:6870)
at XMLHttpRequest.d.onerror (js_yIpFuLeVJAwBBKW7HZWkiUpeFsHq8WIexQKNqxPhqWc.js:70:5920)
In network(Fetch/XHR) :
Request URL: https://xxxxxxxxxxxxxxx.us-central1.gcp.cloud.es.io:portNO/index_name/_msearch
Referrer Policy: strict-origin-when-cross-origin
Provisional headers are shown
Learn more
Accept: application/json, text/plain, /
Authorization: Basic ZGF0YV9yZWFkZXI6Ykh4OWZ3NEhIQkpj
Content-Type: application/x-ndjson
Referer: https://www.websitename.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
So we created a local cluster with same configuration and checked but the error is not happening. We tried creating a trail cloud cluster and checked the same still
the error is not happening. Only in the elastic cloud which we are using for production the CORS error is happening. Not able to find the root cause.
Please guide on the issue, if a meet is scheduled to discuss on this it will help us alot to know things better.
Let me know if any further details required.
Details from React end which we configured to access Elastic API's:
We are using AXIOS to make the call to elastic, please find the details below
const baseOpts = {
method: 'POST',
baseURL: ELASTIC.ELASTIC_DOMAIN,
responseType: 'json',
headers: {
'Content-Type': 'application/x-ndjson',
},
};
if (ELASTIC.CREDENTIALS) {
const authArr = ELASTIC.CREDENTIALS.split(':');
return {
...baseOpts,
auth: {
username: authArr[0],
password: authArr[1],
},
};
}