ElasticSearch ignores the property 'http.cors.allow-methods'

Hi All,

I have added both parameters to elasticsearch.yml:

http.cors.enabled : true
http.cors.allow-methods : GET, POST, PUT, DELETE

OPTIONS & HEAD are not allowed - and still i can access to ElasticSearch with postman with these methods and get 200 OK response instead of bad request.


These are not valid yml.

http.cors.enabled: true
http.cors.allow-methods: GET, POST, PUT, DELETE

Is the correct syntax.

Do you know how it should be ?
i also tried:
http.cors.allow-methods: ["GET","POST"]