Http.cors on es 2.4

I've been trying to turn on cors in es2.4.2 (so I can use a stand-alone version of the head plugin in preparation for es5 where it is no longer avail;able as a plugin). I cannot get it to work. I have added the required lines to elasticsearch.yml and restarted elasticsearch.

http.cors.allow-origin: /http:\/\/.*/
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type, Content-Length
http.cors.enabled: true

I also tried allow-origin with just "*" (and without the quotes, but es then fails to start at all), and with the correct explicit Origin taken from the Chrome headers debugger, and with the enabled setting first and last (though I think the order should be irrelevant). with and without the allow=methods and allow-headers (the defaults for which seem sensible). The only other non-comment lines in elasticsearch.yml are for and

To isolate the problem from the browser and head, I've tried it (with wildcard origin setting)

curl -H "Origin:" -i http://localhost:9200

and elasticsearch definitely isn't including the cors headers:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 370

  "name" : "...", ...

I am normally running this over a ssh tunnel (so localhost:9200 would actually be the local end of the ssh tunnel with localhost:9200 at the other end being the real local socket access). But for this test I ran curl locally on the es server; though I don;t think that should make any difference.

I am stumped. Can anyone help?

I use

http.cors.allow-origin: /http.+/

I don't do the allow-headers

and I turn on compression

http.compression: true

that is the only difference I see

This does not reproduce for me, using your exact configuration:

18:44:37 [jason:~] $ ~/elasticsearch/elasticsearch-2.4.2/bin/elasticsearch --http.cors.enabled=true --http.cors.allow-origin='/http:\/\/.*/' --http.cors.allow-methods="OPTIONS, HEAD, GET, POST, PUT, DELETE" --http.cors.allow-headers="X-Requested-With,X-Auth-Token,Content-Type, Content-Length"
[2017-01-07 18:44:46,517][INFO ][node                     ] [Freak of Science] version[2.4.2], pid[61200], build[161c65a/2016-11-17T11:51:03Z]
[2017-01-07 18:44:46,517][INFO ][node                     ] [Freak of Science] initializing ...
[2017-01-07 18:44:46,918][INFO ][plugins                  ] [Freak of Science] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
[2017-01-07 18:44:46,937][INFO ][env                      ] [Freak of Science] using [1] data paths, mounts [[/ (/dev/disk1)]], net usable_space [86gb], net total_space [232.6gb], spins? [unknown], types [hfs]
[2017-01-07 18:44:46,937][INFO ][env                      ] [Freak of Science] heap size [989.8mb], compressed ordinary object pointers [true]
[2017-01-07 18:44:46,937][WARN ][env                      ] [Freak of Science] max file descriptors [10240] for elasticsearch process likely too low, consider increasing to at least [65536]
[2017-01-07 18:44:48,066][INFO ][node                     ] [Freak of Science] initialized
[2017-01-07 18:44:48,066][INFO ][node                     ] [Freak of Science] starting ...
[2017-01-07 18:44:48,124][INFO ][transport                ] [Freak of Science] publish_address {}, bound_addresses {[fe80::1]:9300}, {[::1]:9300}, {}
[2017-01-07 18:44:48,127][INFO ][discovery                ] [Freak of Science] elasticsearch/_MnmJBVKRXaWX0jGqPBMsw
[2017-01-07 18:44:51,152][INFO ][cluster.service          ] [Freak of Science] new_master {Freak of Science}{_MnmJBVKRXaWX0jGqPBMsw}{}{}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2017-01-07 18:44:51,174][INFO ][http                     ] [Freak of Science] publish_address {}, bound_addresses {[fe80::1]:9200}, {[::1]:9200}, {}
[2017-01-07 18:44:51,174][INFO ][node                     ] [Freak of Science] started
[2017-01-07 18:44:51,181][INFO ][gateway                  ] [Freak of Science] recovered [0] indices into cluster_state
18:43:21 [jason:~] $ curl --verbose -H "Origin:" localhost:9200/
*   Trying ::1...
* Connected to localhost (::1) port 9200 (#0)
> GET / HTTP/1.1
> Host: localhost:9200
> User-Agent: curl/7.51.0
> Accept: */*
> Origin:
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< Content-Type: application/json; charset=UTF-8
< Content-Length: 370
  "name" : "Freak of Science",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "bHXJHQ9lT9-_T_MN7_Sljg",
  "version" : {
    "number" : "2.4.2",
    "build_hash" : "161c65a337d4b422ac0c805f284565cf2014bb84",
    "build_timestamp" : "2016-11-17T11:51:03Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.2"
  "tagline" : "You Know, for Search"
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
18:44:57 [jason:~] $ 

I also tried it by setting these options in the config file, same result. Are you sure that you're starting with the config file that you added these options to? What happens if you start from the command line as I've shown above?

Thanks for the reply. I found my problem: while it all appeared normal, a restart on elasticsearch (with /etc/init.d/elasticsearch or service elasticsearch) had left the old one running and started a new one as well (which presumably failed with unable to open the socket after a few seconds), so the old one never stopped and therefore never re-read the yml file. Once the pid was recorded wrongly, it was impossible to then stop elasticsearch except by kill, once I saw what the problem was. All OK now.

It was either this or something sinister. :smile:

I'm glad you're up and running now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.