ElasticSearch HTTP CORS config variables are not being honored

I have an ElasticSearch node that is coming up in a docker-compose cluster locally.

This is the dockerfile:

FROM docker.elastic.co/elasticsearch/elasticsearch:6.5.4

ADD elasticsearch.yml config/elasticsearch.yml

And this is the elasticsearch.yml:

cluster.name: "docker-cluster"
network.host: 0.0.0.0

# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
discovery.type: single-node
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length
http.cors.allow-credentials: true

I have verified that the configuration file is in the docker instance.

However, when I provide an Origin header in a request to the node (from an origin that is not the node), it returns a 403 forbidden. When trying from a javascript client, I get
Access to XMLHttpRequest at '[http://localhost:9200/'](http://localhost:9200/%27) from origin 'http://localhost:8005' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I can't find any documentation in ElasticSearch docs about something I should be doing differently. What am I doing wrong?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.