Our elasticsearch setup has the following cors settings in elasticsearch.yml:
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: "X-Requested-With,Content-Type,Content-Length,x-user"
If we run the following curl command on our server:
curl -H "User-Agent: Mozilla" -H "Origin: http://example.com" -i localhost:9200
we get the correct headers:
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 533
access-control-allow-origin: *
access-control-allow-credentials: true
However, when we load our webpage with the following ajax call:
var postData = {
"size": 50,
"query": {
"multi_match": {
"query": request.term.toLowerCase(),
"type": "bool_prefix",
"fields": [
"product",
"product._2gram",
"product._3gram"
]
}
}
};
$.ajax({
url: "http://localhost:9200/products/_doc/_search",
type: "GET",
headers: {"X-User": "user"},
contentType: "application/json; charset=utf-8",
data: JSON.stringify(postData),
dataType: 'json',
success: function (data) {
console.log(data);
var hitsJson = (data.hits.hits);
for (var key in hitsJson) {
arr.push(hitsJson[key]._source.product);
}
response(arr);
console.log(arr);
},
error: function (xhr) {
alert("err");
alert(JSON.stringify(xhr));
}
});
we receive an error:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
and the response headers are missing "access-control-allow-origin: *", this is the response:
Allow: DELETE,POST,PUT,HEAD,GET
content-length: 0
content-type: text/plain; charset=UTF-8
Request headers are as follows:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,de;q=0.7
Access-Control-Request-Headers: content-type,x-user
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:9200This text will be hidden
Origin: http://our_IP
Referer: http://our_IP/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/86.0.4240.111 Safari/537.36
The webpage with above ajax works fine and we obtain json data with correct response headers - access-control-allow-origin: *, if we add "network.host: our_IP" in elasticsearch.yml and change "url: "http://localhost:9200/products/_doc/_search"
in above ajax call to "url: "http://our_IP:9200/products/_doc/_search".
But if possible we would prefer to not use the "network.host: our_IP" option in elasticsearch.yml.
We would be very grateful if somebody could help us on this problem.