Elasticsearch not working with CORS

Elastic Stack Elasticsearch
1
  • Elasticsearch 5.2.2

I am using a http client library (axios) with web app to send request to the elasticsearch, however, after the preflight OPTIONS request, nothing happen after it. Thank you.

NOTE: I am able to use any CLI tool like curl to send a request to the elasticsearch, and it works fine.

My config file

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With,X-Auth-Token,Content-Type, Content-Length"

Request header

OPTIONS http://localhost:9200/xxx/_search
Host: localhost:9200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: http://localhost:3000
Connection: keep-alive
Cache-Control: max-age=0

Respond header

Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "HEAD,DELETE,POST,GET,OPTIONS,PUT"
Access-Control-Allow-Headers: "X-Requested-With,X-Auth-Token, Content-Length,Content-Type"
Access-Control-Max-Age: "1728000"
Date: "\"Sun, 19 Mar 2017 00:28:32 GMT\""
Content-Length: "0"
2

There was a bug where the allow-methods and allow-headers settings could not have spaces in between comma-delimited values: Allow comma delimited array settings to have a space after each entry by abeyad · Pull Request #22591 · elastic/elasticsearch · GitHub. Its fixed in 5.3. For now, you have to make sure there is no whitespace between your allow-methods and allow-headers values...e.g.

http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length

That could be your problem.

Also, your request contains the request header "authorization" but that's not listed as one of your allow-headers?

NOTE: I am able to use any CLI tool like curl to send a request to the elasticsearch, and it works fine.

Not sure I follow - you were able to execute requests using a CLI tool but not your client library? In that case, the issue may be within your client library config?