How to set CORS (Cross Origin Resource Sharing) to speciic domain?

Elastic Stack Elasticsearch
1

Trying to enter the correct setting in elasticsearch.yml.
Although the first block below added to elasticsearch.yml does what it
wants, it disables CORS security altogether.
Am trying to enable only localhost. The ES documentation is not clear how
to define enabled domain(s) only

As follows, TIA
Tony

  1. This works, but enables all Domains
  2. ################################# Custom
    ##################################
  3. http.cors.allow-origin: "/.*/"
  4. http.cors.enabled: true
  7. Trying to enable and restrict cors to localhost attempted the
    following unsuccessfully
  9. The Following results in an empty page (elasticsearch can start)
  10. ################################# Custom
    ##################################
  11. http.cors.allow-origin: "/localhost(:[0-9]+)?/"
  12. http.cors.enabled: true
  14. The Following results in the elasticsearch unable to start
  15. (From official documentation
    http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html
    )
  16. Don't know why the first forward slash exists which is why I removed
    in above try
  17. ################################# Custom
    ##################################
  18. http.cors.allow-origin: "//localhost(:[0-9]+)?/"
  19. http.cors.enabled: true

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/71ec47d5-7d61-4ca6-a925-c75e0a0430af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

This was resolved by including the "http" string in the "allow-origin"
command(Thx for testing, Clinton). The correct entry is as follows. Note
that besides the required "http" string, the documentation and example only
supports SSL or without SSL, not both. In the corrected command below, I
specify "no SSL"

Would require testing, but I assume repeating the same command with "http"
and then "https" might cover both situations.

Looking at the string after the fact, now I understand and see the RegEx
describing the full URL (http://localhost:anyport/)

################################# Custom ##################################
http.cors.allow-origin: /http?://localhost(:[0-9]+)?/
http.cors.enabled: true

On Monday, December 8, 2014 11:44:16 AM UTC-8, Tony Su wrote:

Trying to enter the correct setting in elasticsearch.yml.
Although the first block below added to elasticsearch.yml does what it
wants, it disables CORS security altogether.
Am trying to enable only localhost. The ES documentation is not clear how
to define enabled domain(s) only

As follows, TIA
Tony

  1. This works, but enables all Domains
  2. ################################# Custom
    ##################################
  3. http.cors.allow-origin: "/.*/"
  4. http.cors.enabled: true
  7. Trying to enable and restrict cors to localhost attempted the
    following unsuccessfully
  9. The Following results in an empty page (elasticsearch can start)
  10. ################################# Custom
    ##################################
  11. http.cors.allow-origin: "/localhost(:[0-9]+)?/"
  12. http.cors.enabled: true
  14. The Following results in the elasticsearch unable to start
  15. (From official documentation
    Elasticsearch Platform — Find real-time answers at scale | Elastic
    )
  16. Don't know why the first forward slash exists which is why I
    removed in above try
  17. ################################# Custom
    ##################################
  18. http.cors.allow-origin: "//localhost(:[0-9]+)?/"
  19. http.cors.enabled: true

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/35789fb1-7959-4271-8fa3-6eeb29622de0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.