I've been trying to turn on cors in es2.4.2 (so I can use a stand-alone version of the head plugin in preparation for es5 where it is no longer avail;able as a plugin). I cannot get it to work. I have added the required lines to elasticsearch.yml and restarted elasticsearch.
http.cors.allow-origin: /http:\/\/.*/
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type, Content-Length
http.cors.enabled: true
I also tried allow-origin with just "*" (and without the quotes, but es then fails to start at all), and with the correct explicit Origin taken from the Chrome headers debugger, and with the enabled setting first and last (though I think the order should be irrelevant). with and without the allow=methods and allow-headers (the defaults for which seem sensible). The only other non-comment lines in elasticsearch.yml are for node.name and cluster.name.
To isolate the problem from the browser and head, I've tried it (with wildcard origin setting)
curl -H "Origin: http://example.com" -i http://localhost:9200
and elasticsearch definitely isn't including the cors headers:
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 370
{
"name" : "...", ...
I am normally running this over a ssh tunnel (so localhost:9200 would actually be the local end of the ssh tunnel with localhost:9200 at the other end being the real local socket access). But for this test I ran curl locally on the es server; though I don;t think that should make any difference.
I am stumped. Can anyone help?