leech001
commented
2 years ago This is CORS (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
Open jamiejacksoncumbria opened 2 years ago
leech001
commented
2 years ago This is CORS (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
kaumudpa
commented
2 years ago put the following lines in your elasticsearch.yml
http.cors.enabled : true
http.cors.allow-origin : "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, AcceptThen restart elastic sudo systemctl restart elasticsearch.service
The issue will now be resolved.
isoos
commented
2 years ago This seems to be an unsecure way to expose your database over the internet, and it is likely that it will get hacked, the data will get exposed. Unless it is already open data, or you want to share everything in it anyway, use an intermediary server to access elasticsearch.
kaumudpa
commented
2 years ago @isoos Yes this way is insecure only if the instance is not secured by some security modules.
isoos
commented
2 years ago @kaumudpa if you put your security credentials into the app (be it on a mobile or on the web), it will get hacked. Maybe not immediately, but eventually, especially if it grows in users or features.
kaumudpa
commented
2 years ago @isoos will the instance be secure if we do this then?
http.cors.allow-origin : "https://Your Frontent URL"
?
isoos
commented
2 years ago @kaumudpa: if you are using a frontend server, it can connect to the elasticsearch server directly, there is no need for cors in that case.
ZachGonzalezz
commented
2 years ago I added the below to my yahml in elastic search.
http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: trueIt did not take effect. I restarted the instances and still nothing.
jamiejacksoncumbria
commented
2 years ago Hi this is what I have in my hosted elastic cloud yaml file. Works perfectly.
http.cors.enabled : true http.cors.allow-headers : X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept http.cors.allow-origin: "*"
On Thu, 28 Jul 2022 at 18:05, Zachary Gonzalez @.***> wrote:
I added the below to my yahml in elastic search. http.cors.enabled : true http.cors.allow-origin : "*" http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE http.cors.allow-headers : X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept
It did not take effect. I restarted the instances and still nothing. [image: Screen Shot 2022-07-28 at 8 04 48 AM] https://user-images.githubusercontent.com/73090016/181571872-804c2b15-a9b6-4219-b730-5f8038d228ef.png
— Reply to this email directly, view it on GitHub https://github.com/isoos/elastic_client/issues/59#issuecomment-1198278074, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIE6P7ZLOQZLGB7DTYN2BSDVWKOTNANCNFSM5QFELHJA . You are receiving this because you authored the thread.Message ID: @.***>
ZachGonzalezz
commented
2 years ago Access-Control-Allow-Headers this was the one that did the trick. I need to add that thank you!!!
jamiejacksoncumbria
commented
2 years ago No problem. I spent hours and hours playing with elastics. I'm glad to save you some time.
On Thu, 28 Jul 2022 at 18:34, Zachary Gonzalez @.***> wrote:
Access-Control-Allow-Headers this was the one that did the trick. I need to add that thank you!!!
— Reply to this email directly, view it on GitHub https://github.com/isoos/elastic_client/issues/59#issuecomment-1198317694, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIE6P74LGQISKU2ROHZ4LPTVWKSB3ANCNFSM5QFELHJA . You are receiving this because you authored the thread.Message ID: @.***>
When trying to use this package in flutter web I come across this error. XMLHttpRequest error. On ios and Android it works fine. Any Idea's how to fix this issue?
Error: XMLHttpRequest error. C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/patch/core_patch.dart 910:28 get current packages/http/src/browser_client.dart 69:22
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/zone.dart 1685:54 runUnary
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 159:18 handleValue
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 766:44 handleValueCallback
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 795:13 _propagateToListeners
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 592:7 [_complete]
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/stream_pipe.dart 61:11 _cancelAndValue
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/stream.dart 1288:7
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/operations.dart 334:14 _checkAndCall
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/operations.dart 339:39 dcall
C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/html/dart2js/html_dart2js.dart 37301:58