Javadoubts

Elastic Search CORS Issue

Ajax calls to the Elasticsearch instance will result in a CORS issue, which is essentially a cross-domain problem if our application and Elasticsearch instance having different domains.

Access to XMLHttpRequest at ‘https://testelasticsearchdomain.us-central1.gcp.cloud.es.io/search-english-index/_search?size=0&filter_path=aggregations/’ from origin ‘http://localhost:4502′ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

To resolve CORS issue we can follow below steps.

1. Click on Manage user settings and extensions link.

2. Allow require origins/domains and headers as shown below. Click on Back button:

http.cors.enabled : true
http.cors.allow-origin: "http://localhost:3000,http://localhost:4502,https://javadoubts.com/"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,client_id,client_secret,authorization
http.cors.allow-credentials: true

3. Scroll down till the end on the same page and click on Save button will save your change.

It will rebuild the instance to deploy the changes and this process will take 5 to 10 minutes in total.

Now, trying same API call to Elasticsearch from different origin/domain will not give CORS issue.