You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Part of the reason we have the /elasticsearch proxy in the first place is to avoid issues with CORS. However, we're passing the client's origin header along with the request, so CORS must still be configured on the ES side to handle requests, even those coming from through the proxy.
I think we should probably be stripping the origin header at the very least.
To test this, simply enable CORS on the ES instance by adding the following to the elasticsearch.yml (or via config in esvm):
http.cors.enabled: true
Now requests from Kibana in dev mode will fail at the couier, because the origin header is not allowed (nothing is allowed by default).
The request fails because the client is https, and the server is http, and the origins no longer match. Setting http.cors.allow-origin: '*' in ES will fix this, but it shouldn't be required - the proxy should Just Work (tm).
The text was updated successfully, but these errors were encountered:
Part of the reason we have the
/elasticsearch
proxy in the first place is to avoid issues with CORS. However, we're passing the client'sorigin
header along with the request, so CORS must still be configured on the ES side to handle requests, even those coming from through the proxy.I think we should probably be stripping the
origin
header at the very least.To test this, simply enable CORS on the ES instance by adding the following to the elasticsearch.yml (or via config in esvm):
http.cors.enabled: true
Now requests from Kibana in dev mode will fail at the couier, because the origin header is not allowed (nothing is allowed by default).
The request fails because the client is https, and the server is http, and the origins no longer match. Setting
http.cors.allow-origin: '*'
in ES will fix this, but it shouldn't be required - the proxy should Just Work (tm).The text was updated successfully, but these errors were encountered: