Elasticsearch and CORS

Great explanation on CORS here: Enable CORS ElasticSearch 5.1.1

But I don't seem able to get this to work in any config so reaching out for some help.

I'm running the angular.js example: https://github.com/comperiosearch/angular-elasticsearch-example

On the server "www.test.com" (ubuntu)

Installed apache2 server, and placed the angular example files into the default /var/www/html

on the same server, I installed elastic which is working fine & loaded up some twitter data with a logstash input.

With a standard browser, I am able to "http://www.test.com:9200/twitter/status/_search" and it works.

With the angular call using the example code, it fails. with the apparently very common error:

"XMLHttpRequest cannot load http://www.test.com:9200/twitter/status/_search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.test.com' is therefore not allowed access."

Now -- first question, since elastic and apache are using the same domain, why do I need CORS settings at all...?

So I try to enable it on both sides to see it would work with CORS enabled.

In the default site file /etc/apache2/sites-enabled/000-default.conf
DocumentRoot /var/www/html
<Directory "/var/www/html">
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
AllowOverride All

and had to do this to get the angular example to run at all.

cat /var/www/html/.htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]

Then on cat /etc/elasticsearch/elasticsearch.yml

---------------------------------- Network -----------------------------------

Set the bind address to a specific IP (IPv4 or IPv6):

network.host: www.test.com

Set a custom port for HTTP:

http.port: 9200
http.cors.enabled : true
http.cors.allow-origin: "*"

With this in place, the direct browser call http://www.test.com:9200/twitter/status/_search
-- still works fine. (or a "POST from Postman also works)

But the error from the angular app in the (chrome) browser is now:

POST http://www.test.com:9200/twitter/status/_search 400 (Bad Request)

any pointers / suggestions would be greatly appreciated. My main goal here is just to get a sample (custom) searchbox going with lots of data on the elasticsearch backend to do a demo for the business folks.

The issue here is not CORS as I suspected. Couple of issues, if the field you are searching on does not have feilddata then it throws this error, the other is that the DSL changed and all elastic.js and others don't work in 5.5 (or 6) not sure where it changed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.