elasticsearch:尽管配置http模块,跨源请求被阻止
问题描述:
我正在使用elasticsearch的2.3.2版本。在我的elasticsearch.yml文件中,我添加了以下几行以允许跨源请求。elasticsearch:尽管配置http模块,跨源请求被阻止
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.max-age: 0
http.cors.allow-origin: /http?:\/\/localhost(:[0-9]+)?/
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type,Content-Length
但是,当我尝试从Firefox执行查询时,出现以下错误;
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote
resource at http://localhost:9200/someIndex/_search?size=10&from=0.
(Reason: CORS header 'Access-Control-Allow-Origin' missing).
更换参数与"*"
,似乎工作,但文件表明,这是一个安全的请求。
来自浏览器的请求标题如下;
Accept - application/json, text/plain, */*
Accept-Encoding - gzip, deflate
Accept-Language - en-US,en;q=0.5
Content-Length - 26
Content-Type - application/json;charset=utf-8
DNT - 1
Host - localhost:9200
Origin - null
User-Agent - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:44.0) Gecko/20100101 Firefox/44.0
有人可以请建议我在做什么错误在上面?
答
你似乎有一个小的错字。
它应该阅读
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
^
|
add this
即您的?
,这意味着之前缺少s
“HTTP或HTTPS”
可以尝试把它写在双引号? – alpert
如果添加双引号,elasticsearch将无法启动。 – JSB