我正在使用elasticsearch的2.3.2版本。在我的elasticsearch.yml文件中,我添加了以下行以允许跨源请求。
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.max-age: 0
http.cors.allow-origin: /http?:\/\/localhost(:[0-9]+)?/
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length
然而,当我尝试从Firefox执行查询时,我收到以下错误;
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote
resource at http://localhost:9200/someIndex/_search?size=10&from=0.
(Reason: CORS header 'Access-Control-Allow-Origin' missing).
用http.cors.allow-origin替换"*"参数似乎有效,但文档表明这是安全请求。
浏览器的请求标题位于下方;
Accept - application/json, text/plain, */*
Accept-Encoding - gzip, deflate
Accept-Language - en-US,en;q=0.5
Content-Length - 26
Content-Type - application/json;charset=utf-8
DNT - 1
Host - localhost:9200
Origin - null
User-Agent - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:44.0) Gecko/20100101 Firefox/44.0
有人可以建议我在上面做错了吗?
答案 0 :(得分:0)
你似乎有一个小错字。
应该阅读
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
^
|
add this
即。您错过了s之前的?,这意味着“http或https”