Error 401-Unauthorized when using js/elasticsearch to query my (Cloud) cluster

Hi folks. I've been having some trouble over in the Cloud Category getting my custom dashboard to talk to my ES cluster, and despite a bunch of help with cors settings, it still doesn't seem to be working. I may be doing something daft, but can't find out what.

I have a simple static HTML page that calls this bit of js:

define(['js/d3.v3', 'js/elasticsearch'], function (d3, elasticsearch) {
    "use strict";
    var client = new elasticsearch.Client({
		host: 'https://myusername:mypassword@mycluster.eu-west-1.aws.found.io:9243', log: 'trace'});
	
	client.ping({
		requestTimeout: 10000
	}, function(error){
		if (error) {
			console.trace('elasticsearch cluster is down!');
			console.trace(error);
		} else {
			console.log('All is well');
		}
	});
});

And all I get in my Chrome dev tools is a 401 Unauthorized response.

With the help of @bevacqua I have my elasticsearch.yml settings now as follows:

http.cors.allow-credentials: true
http.cors.enabled: true
http.cors.allow-origin: "http://nagios.communigator.co.uk"
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, Authorization"

related questions for reference:

Change to CORS setting seems to have broken Kopf
Using js/elasticsearch with a cluster instance

Okay so I finally got a chance to revisit this now. According to my User Settings in the cloud control panel (cluster 1e7502), my CORS settings are:

http.cors.enabled: false
http.cors.allow-origin: "http://nagios.communigator.co.uk"
http.cors.allow-credentials: true

I believe it was a GUI error that was preventing me from adding the final setting, but I have been assured that is there too. I have no way to confirm that my self.

http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, Authorization"

I have just checked the trivial example above again, and I am definitely getting 401 Unauthorized errors. I just logged into Kibana using the username and passsword I have in my javascript and that worked fine.

Here are the headers from the failed request:

I don't suppose anyone has any ideas on this one? I didn't get much response in the #cloud category either. Does nobody access their ES data like this? Should I be using some other method?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.