Get request with query yields result in Firefox, but nowhere else

Hello,
I have a rather strange issue I would love to get some help with. I am running Elastic Search 7.7 locally and I'm trying to implement a very basic search call to it.
When I call it without any query parameters it works and I get hits:
http://localhost:9200/i5tripdocument.invariant/_search

This is both in my browser and Postman. Now, when I DO add a query parameter for something that should yield hits, I get hits when I run it in Firefox. If I run it in another browser (Chrome, Edge) or in Postman, I get zero hits.
http://localhost:9200/i5tripdocument.invariant/_search?q=query

I have copied the exact request from Firefox and imported into Postman, but with the same result.

I tried adding "http.cors.enabled: false" to my elasticsearch.yml (tip from a colleague), but that made no difference.

Has anyone encountered this?

Thanks in advance,
Kristina

Hello @Fiothiel,

Have you tried updating http.cors.allow-origin to allow requests from any origin (*)?

Updating this to something like:

 http.cors.allow-origin: "*"

To rule out cache-related issues, you can also try clearing your browser cache.

Hi!
I tried what you suggested but it didn't change anything :confused: And I have tried in incognito browser windows as well to rule out cache issues.

Hello @Fiothiel,

Update: As per this PR, CORS customization were available prior to 7.11, but only when running in dev mode.

What is your use case for requiring API calls from your web application?

We use Elastic Search with Litium 7 (Litium CMS). Litium has built in functionality for Elastic Search and we use that, but for over a year we've had issues with some of our documents not being automatically indexed. When the index is rebuilt manually, the document appears. We haven't found anything in our code that goes kaboom, and Litium can't see anything wrong either. So I want to implement this so that when a document doesn't seem to get indexed, I can go straight to Elastic Search and see if it is in fact there, even if we don't get any hits when going through Litium.

Thank you for sharing this additional context.

Well, I don't know this Litium CMS functionality. Can you share with me your elasticsearch.yml?

You can try something like this:

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: false

Here is the context of this suggestion - updating http.cors.allow-credentials to false and http.cors.allow-origin to "*", but as mentioned here, this is not supported in production, for production you can use a specific origin value, like http.cors.allow-origin: "https://<my-website-domain.example>".

Since what you need is just to visualize this data to confirm if it is there, you can also use Kibana Dev Tool, Discover, or even curl.

Hope this helps!