Great explanation on CORS here: Enable CORS ElasticSearch 5.1.1
But I don't seem able to get this to work in any config so reaching out for some help.
I'm running the angular.js example: https://github.com/comperiosearch/angular-elasticsearch-example
On the server "www.test.com" (ubuntu)
Installed apache2 server, and placed the angular example files into the default /var/www/html
on the same server, I installed elastic which is working fine & loaded up some twitter data with a logstash input.
With a standard browser, I am able to "http://www.test.com:9200/twitter/status/_search" and it works.
With the angular call using the example code, it fails. with the apparently very common error:
"XMLHttpRequest cannot load http://www.test.com:9200/twitter/status/_search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.test.com' is therefore not allowed access."
Now -- first question, since elastic and apache are using the same domain, why do I need CORS settings at all...?
So I try to enable it on both sides to see it would work with CORS enabled.
In the default site file /etc/apache2/sites-enabled/000-default.conf
DocumentRoot /var/www/html
<Directory "/var/www/html">
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
AllowOverride All
and had to do this to get the angular example to run at all.
cat /var/www/html/.htaccess
RewriteEngine On
RewriteBase /
RewriteRule ^index.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
Then on cat /etc/elasticsearch/elasticsearch.yml
---------------------------------- Network -----------------------------------
Set the bind address to a specific IP (IPv4 or IPv6):
network.host: www.test.com
Set a custom port for HTTP:
http.port: 9200
http.cors.enabled : true
http.cors.allow-origin: "*"
With this in place, the direct browser call http://www.test.com:9200/twitter/status/_search
-- still works fine. (or a "POST from Postman also works)
But the error from the angular app in the (chrome) browser is now:
POST http://www.test.com:9200/twitter/status/_search 400 (Bad Request)
any pointers / suggestions would be greatly appreciated. My main goal here is just to get a sample (custom) searchbox going with lots of data on the elasticsearch backend to do a demo for the business folks.