admin管理员组

文章数量:1331692

I am making a POST request from a local https server to an ElasticSearch endpoint which has been configured as follows

http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

The request has headers:

Access-Control-Allow-Headers: Accept, Access-Control-Allow-Headers, Authorization, Content-Type
Content-Type: application/json; charset=utf-8
Accept: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Authorization: (basic authentication token)

On a POST request, the following error appears: Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response.

The network debugger indeed shows that the Access-Control-Allow-Headers header is not present in the response header. The response header:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: 
Vary: Origin
Access-Control-Allow-Methods: 
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
content-length: 0
date: Fri, 29 Apr 2016 14:08:14 GMT

Note that Access-Control-Allow-Headers is not present and Access-Control-Allow-Methods is blank. All possible string formats have been tested, and these headers do not appear.

I am making a POST request from a local https server to an ElasticSearch endpoint which has been configured as follows

http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

The request has headers:

Access-Control-Allow-Headers: Accept, Access-Control-Allow-Headers, Authorization, Content-Type
Content-Type: application/json; charset=utf-8
Accept: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Authorization: (basic authentication token)

On a POST request, the following error appears: Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response.

The network debugger indeed shows that the Access-Control-Allow-Headers header is not present in the response header. The response header:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://dl.dropboxusercontent.
Vary: Origin
Access-Control-Allow-Methods: 
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
content-length: 0
date: Fri, 29 Apr 2016 14:08:14 GMT

Note that Access-Control-Allow-Headers is not present and Access-Control-Allow-Methods is blank. All possible string formats have been tested, and these headers do not appear.

Share asked Apr 29, 2016 at 14:36 user4815162342user4815162342 1,6982 gold badges17 silver badges23 bronze badges 1
  • Seems a lot like this issue github./elastic/elasticsearch/issues/17483 which has been resolved in 2.3. – Val Commented Apr 29, 2016 at 14:40
Add a ment  | 

3 Answers 3

Reset to default 3

You should add following signs to your elasticsearch.yml:

http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length

and then restart the es, enjoy!

I finally solved the problem with these config lines in elasticsearch.yml:

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/(localhost)?(127.0.0.1)?(:[0-9]+)?/
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length

As of 2022, according to https://docs.elastic.co/search-ui/tutorials/elasticsearch

try include all headers below

http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept, x-elastic-client-meta

In my case, I forget to wrap the end of the line and thus get missing header error.

And this is the top search I got, so just put it here in case anyone made same mistake.

本文标签: javascriptElasticSearch AccessControlAllowHeaders header is not presentStack Overflow