Cross-Origin Resource Sharing And unauthorized access issues with Elasticsearch

infiniflow / ragflow

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding.

https://ragflow.io

Apache License 2.0

19.6k stars 1.97k forks source link

Cross-Origin Resource Sharing And unauthorized access issues with Elasticsearch #824

Open xinjiahua99 opened 5 months ago

xinjiahua99 commented 5 months ago

Describe your problem

I have scanned the server's ports 9380 and 9000 for CORS (Cross-Origin Resource Sharing) vulnerabilities with failed origin checks, as well as unauthorized access issues with Elasticsearch. How can I resolve these security concerns?

KevinHuSh commented 4 months ago

To add password to ES, you need to modify service_conf.yml and rag/util/es_conn.py.