elasticsearch：跨源请求阻塞，尽管配置http模块 [英] elasticsearch: Cross-Origin Request Blocked despite configuring http module

问题描述

我使用的是elasticsearch的2.3.2版本。在我的elasticsearch.yml文件中，我添加了以下行以允许跨源请求。

I am using version 2.3.2 of elasticsearch. In my elasticsearch.yml file I have added the below lines to allow Cross-Origin requests.

http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.max-age: 0
http.cors.allow-origin: /http?:\/\/localhost(:[0-9]+)?/
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length

查询从Firefox，我得到以下错误;

However, when i try to execute a query from Firefox, I get the following error;

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote 
resource at http://localhost:9200/someIndex/_search?size=10&from=0. 
(Reason: CORS header 'Access-Control-Allow-Origin' missing).

替换 http.cors.allow-origin 参数*似乎工作，但文档表明这是一个安全请求。

Replacing the http.cors.allow-origin parameter with "*", seems to work, but the documentation indicates this is a security requests.

请求标头位于下面;

Accept - application/json, text/plain, */*
Accept-Encoding - gzip, deflate
Accept-Language - en-US,en;q=0.5
Content-Length - 26
Content-Type - application/json;charset=utf-8
DNT - 1
Host - localhost:9200
Origin - null
User-Agent - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:44.0) Gecko/20100101 Firefox/44.0

有人可以建议我上面做错了什么吗？

Could someone please suggest what I am doing wrong in the above?

推荐答案

你似乎有一个小错字。

You seem to have a small typo.

应该读

http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
                             ^
                             |
                          add this

您在？之前缺少 s ，表示http或https

i.e. you're missing the s before the ?, which means "either http or https"

这篇关于elasticsearch：跨源请求阻塞，尽管配置http模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！