I have an ElasticSearch node that is coming up in a docker-compose cluster locally.
This is the dockerfile:
FROM docker.elastic.co/elasticsearch/elasticsearch:6.5.4
ADD elasticsearch.yml config/elasticsearch.yml
And this is the elasticsearch.yml:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
discovery.type: single-node
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length
http.cors.allow-credentials: true
I have verified that the configuration file is in the docker instance.
However, when I provide an Origin header in a request to the node (from an origin that is not the node), it returns a 403 forbidden. When trying from a javascript client, I get
Access to XMLHttpRequest at '[http://localhost:9200/'](http://localhost:9200/%27) from origin 'http://localhost:8005' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I can't find any documentation in ElasticSearch docs about something I should be doing differently. What am I doing wrong?