Hi
I'm trying to disable DELETE API option from sense or via HTTP and was not
able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Content-Length
Elasticsearch currently does not allow you to enable/disable specific HTTP
methods. If you need that kind of security, please use a nginx or another
webserver in front of Elasticsearch which does this.
Hi
I'm trying to disable DELETE API option from sense or via HTTP and was not
able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length
Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .
On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de wrote:
Hi,
Elasticsearch currently does not allow you to enable/disable specific HTTP
methods. If you need that kind of security, please use a nginx or another
webserver in front of Elasticsearch which does this.
Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length
Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .
On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de
wrote:
Hi,
Elasticsearch currently does not allow you to enable/disable specific
HTTP methods. If you need that kind of security, please use a nginx or
another webserver in front of Elasticsearch which does this.
Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length
CORS is not about doing anything secure from a data point of view, but
about telling the browser how to behave. Does not have any impact on the
elasticsearch side. See web.dev
Thanks Alexander . Not sure why we have setting in .yml file for
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT . This raises
question on the configuration usage .
On Mon, Aug 4, 2014 at 3:31 AM, Alexander Reelsen alr@spinscale.de
wrote:
Hi,
Elasticsearch currently does not allow you to enable/disable specific
HTTP methods. If you need that kind of security, please use a nginx or
another webserver in front of Elasticsearch which does this.
Hi
I'm trying to disable DELETE API option from sense or via HTTP and was
not able to do it . My requirement is make DELETE API not available so that
user will not accidentally delete any index . I tried the following in .yml
file and restarted the server ,but still i'm able to DELETE any index .Is
there something i'm missing ?
Access-Control-Allow-Methods: OPTIONS, POST, GET, PUT
Access-Control-Allow-Headers: X-Requested-With, Content-Type,
Content-Length
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.