Elasticsearch CrossOrigin Requests

Disabled http.cors (useful when developing apps which interact directly with ES through a browser Using CORS can break Kibana 4.x (elastic/kibana#6719)
mtds · Feb 2, 2017 · e8fdbb8 · e8fdbb8
1 parent b0bfe4a
commit e8fdbb8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -78,6 +78,11 @@
 default.elasticsearch['discovery']['zen']['ping']['multicast']['enabled'] = false
 default.elasticsearch['discovery']['zen']['minimum_master_nodes'] = 1
 
+# === CORS SETTINGS
+#
+default.elasticsearch['http_cors']['enabled'] = false
+default.elasticsearch['http_cors']['allow_origin'] = "/https?:\/\/localhost(:[0-9]+)?/"
+
 # === GATEWAY SETTINGS
 #
 default.elasticsearch['gateway']['expected_nodes'] = 1

diff --git a/templates/default/elasticsearch.yml.erb b/templates/default/elasticsearch.yml.erb
@@ -266,13 +266,15 @@ bootstrap.mlockall: <%= node.elasticsearch['bootstrap']['mlockall'] %>
 #
 http.port: <%= node.elasticsearch['http']['port'] %>
 
+<% if node.elasticsearch['http_cors']['enabled'] -%>
 # Enable or disable cross-origin resource sharing, i.e. whether a browser on another 
-# origin can do requests to Elasticsearch. Defaults to false.
+# origin can do requests directly to Elasticsearch. Defaults to false.
 http.cors.enabled: true
 
-# Which origins to allow. Defaults to no origins allowed.
-# It's not necessary specify the port unless it's different from 80. 
-http.cors.allow-origin: http://<%= node.elasticsearch['node']['name'] %>
+# Which origins to allow: by default no origins are allowed. It's not necessary specify 
+# the port unless it's different from 80. 
+http.cors.allow-origin: <%= node.elasticsearch['http_cors']['allow_origin'] %>
+<% end -%>
 
 # Set a custom allowed content length:
 #