Http.cors.allow-origin regex?

I'm been scratching my head a bit trying to get the elasticsearch security
plugin working with kibana. I have the security portion working, but when
trying to access through kibana I am hitting some issues with the cors
settings.

I'm running into an issue where it looks like http.cors.allow-origin with a
regex is not working. It's my understanding that ES will do a regex match
on request header Origin and if it matches will populate the
Access-Control-Allow-Origin response header with the Origin value, (ie -
http://my.kibana.host.com), but when I examine the response headers I can
clearly see * is the value in the response.

My cors config section is

http:
cors:
allow-origin: "/.*/"
allow-credentials: true
enabled: true

The js error is

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header
when the credentials flag is true. Origin 'http://my.kibana.host.com' is
therefore not allowed access.

Any help would be appreciated.

Thanks,

--
Chris

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/a46b7703-3f3e-4b5a-b1d9-7630767bc1a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

The security plugin runs an integrated tomcat instance for handling the
rest responses, thus it skips over the built in ES code. I'll be looking
into making some new features to help with this configuration.

SOLVED

On Friday, January 2, 2015 1:43:39 PM UTC-8, Chris Liles wrote:

I'm been scratching my head a bit trying to get the elasticsearch security
plugin working with kibana. I have the security portion working, but when
trying to access through kibana I am hitting some issues with the cors
settings.

I'm running into an issue where it looks like http.cors.allow-origin with
a regex is not working. It's my understanding that ES will do a regex match
on request header Origin and if it matches will populate the
Access-Control-Allow-Origin response header with the Origin value, (ie -
http://my.kibana.host.com), but when I examine the response headers I can
clearly see * is the value in the response.

My cors config section is

http:
cors:
allow-origin: "/.*/"
allow-credentials: true
enabled: true

The js error is

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header
when the credentials flag is true. Origin 'http://my.kibana.host.com' is
therefore not allowed access.

Any help would be appreciated.

Thanks,

--
Chris

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b7335e62-889d-4f87-a008-8ef5a3938fe3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.