跨源请求阻止弹性搜索

时间:2016-05-23 06:55:00

标签: angularjs elasticsearch

您正在运行Elasticsearch版本2.3并且我有一个Angular代码可以像搜索一样进行查询。当我运行它时,即使将http.cors.enabled设置为true以及http.cors.allow-origin,我也会收到此错误到/https?:\/\/localhost(:[0-9]+)?/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9200/elastic/_search?size=50. This can be fixed by moving the resource to the same domain or enabling CORS

我不明白这是什么问题。

我的请求标题。

    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Pragma: no-cache
Origin: http://127.0.0.1:8100
Host:   localhost:9200
Connection: keep-alive
Cache-Control:  no-cache
Access-Control-Request-Method:  POST
Access-Control-Request-Headers: content-type
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

我的控制台看起来像这样。 enter image description here

但如果我将请求直接放在浏览器中,就像这样..我得到正确的输出。

enter image description here

2 个答案:

答案 0 :(得分:1)

为此我通过将这些行添加到我的yml,然后重新启动ES来解决了这个问题。

 http.cors.enabled : true
 http.cors.allow-origin: "*"
 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
 http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
 http.cors.allow-credentials: true

答案 1 :(得分:0)

如果您不想修改elasticsearch.yml,可以使用此Chrome extension来禁用CORS。