Cross-Origin Request Blocked elasticsearch


hi am running Elasticsearch version 2.3 and i have an Angular code to query like a search.when i run it i am getting this error even with http.cors.enabled set to true and also with http.cors.allow-origin to /https?:\/\/localhost(:[0-9]+)?/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9200/elastic/_search?size=50. This can be fixed by moving the resource to the same domain or enabling CORS

i don’t understand what the problem is.

my request headers.

    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Pragma: no-cache
Host:   localhost:9200
Connection: keep-alive
Cache-Control:  no-cache
Access-Control-Request-Method:  POST
Access-Control-Request-Headers: content-type
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

my console looks like this.
enter image description here

but if i put the request directly in the browser like this..i get correct output.

enter image description here


I’ve solved the problem by adding these lines to my yml, then restarting ES.

 http.cors.enabled : true
 http.cors.allow-origin: "*"
 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
 http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
 http.cors.allow-credentials: true

Answered By – Josué Zatarain

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published