Get request with query yields result in Firefox, but nowhere else

Hello,
I have a rather strange issue I would love to get some help with. I am running Elastic Search 7.7 locally and I'm trying to implement a very basic search call to it.
When I call it without any query parameters it works and I get hits:
http://localhost:9200/i5tripdocument.invariant/_search

This is both in my browser and Postman. Now, when I DO add a query parameter for something that should yield hits, I get hits when I run it in Firefox. If I run it in another browser (Chrome, Edge) or in Postman, I get zero hits.
http://localhost:9200/i5tripdocument.invariant/_search?q=query

I have copied the exact request from Firefox and imported into Postman, but with the same result.

I tried adding "http.cors.enabled: false" to my elasticsearch.yml (tip from a colleague), but that made no difference.

Has anyone encountered this?

Thanks in advance,
Kristina

Hello @Fiothiel,

Have you tried updating http.cors.allow-origin to allow requests from any origin (*)?

Updating this to something like:

 http.cors.allow-origin: "*"

To rule out cache-related issues, you can also try clearing your browser cache.

Hi!
I tried what you suggested but it didn't change anything :confused: And I have tried in incognito browser windows as well to rule out cache issues.

Hello @Fiothiel,

Update: As per this PR, CORS customization were available prior to 7.11, but only when running in dev mode.

What is your use case for requiring API calls from your web application?

We use Elastic Search with Litium 7 (Litium CMS). Litium has built in functionality for Elastic Search and we use that, but for over a year we've had issues with some of our documents not being automatically indexed. When the index is rebuilt manually, the document appears. We haven't found anything in our code that goes kaboom, and Litium can't see anything wrong either. So I want to implement this so that when a document doesn't seem to get indexed, I can go straight to Elastic Search and see if it is in fact there, even if we don't get any hits when going through Litium.

Thank you for sharing this additional context.

Well, I don't know this Litium CMS functionality. Can you share with me your elasticsearch.yml?

You can try something like this:

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: false

Here is the context of this suggestion - updating http.cors.allow-credentials to false and http.cors.allow-origin to "*", but as mentioned here, this is not supported in production, for production you can use a specific origin value, like http.cors.allow-origin: "https://<my-website-domain.example>".

Since what you need is just to visualize this data to confirm if it is there, you can also use Kibana Dev Tool, Discover, or even curl.

Hope this helps!

Hi!
I'm sorry for the long reply. Thank you for your suggestions. Unfortunately I get the same result using curl. I get hits when I don't include any parameters, and when I do include a query parameter (that definitely should yield a hit), it doesn't. Unless there is something I have to set up when I do the call?
If I put it like this in my browser (well, my Firefox browser..) it works:
http://localhost:9200/i5tripdocument.invariant/_search?q=SomethingThatDefinitelyShouldYieldAHit

Is there any kind of "these are the things I want you to look through" things that should be added to the api call (or curl or whichever) that I've missed?

Hm, it should work from your command line, so the problem is not in the CORS config.

Can I see the query you used in your curl request? What was the response?

Let's test something to match all documents. Could you please add a body with a match all query to your request in Postman?

POST localhost:9200/i5tripdocument.invariant/_search
{
    "query": {
        "match_all": {}
    }
}

Btw, Do you have access to Kibana using this tool?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.