Elasticsearch not working with CORS

  • Elasticsearch 5.2.2

I am using a http client library (axios) with web app to send request to the elasticsearch, however, after the preflight OPTIONS request, nothing happen after it. Thank you.

NOTE: I am able to use any CLI tool like curl to send a request to the elasticsearch, and it works fine.

My config file

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With,X-Auth-Token,Content-Type, Content-Length"

Request header

OPTIONS http://localhost:9200/xxx/_search
Host: localhost:9200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: http://localhost:3000
Connection: keep-alive
Cache-Control: max-age=0

Respond header

Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "HEAD,DELETE,POST,GET,OPTIONS,PUT"
Access-Control-Allow-Headers: "X-Requested-With,X-Auth-Token, Content-Length,Content-Type"
Access-Control-Max-Age: "1728000"
Date: "\"Sun, 19 Mar 2017 00:28:32 GMT\""
Content-Length: "0"

There was a bug where the allow-methods and allow-headers settings could not have spaces in between comma-delimited values: https://github.com/elastic/elasticsearch/pull/22591. Its fixed in 5.3. For now, you have to make sure there is no whitespace between your allow-methods and allow-headers values...e.g.

http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length

That could be your problem.

Also, your request contains the request header "authorization" but that's not listed as one of your allow-headers?

NOTE: I am able to use any CLI tool like curl to send a request to the elasticsearch, and it works fine.

Not sure I follow - you were able to execute requests using a CLI tool but not your client library? In that case, the issue may be within your client library config?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.