Elasticsearch https cors enabled but still getting No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

I have enabled the settings for cors in my index called myIndex, here are the settings for it. But I when I try to pull the data from elasticsearch with some simple Javascript where the cors headers are set I get the error

XMLHttpRequest cannot load http://elasticSearchDomain.com:9200/myIndex/_search/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.

I am running the Javascript by include it as a script that run when I open an html page through a python server.

{
      "state": "open",
      "settings": {
        "index": {
          "http": {
            "cors": {
              "allow-credentials": "true",
              "enabled": "true",
              "allow-origin": "*"
            }
          },
          "creation_date": "1461087830891",
          "number_of_shards": "5",
          "number_of_replicas": "1",
          "version": {
            "created": "1070499"
          },
          "uuid": "2JeIgB7IRs6_DzEb6PLx-w"
        }
      },
      "mappings": {
        "tx": {
          "properties": {
            "next": {
              "format": "dateOptionalTime",
              "type": "date"
            },
            "eid": {
              "index": "not_analyzed",
              "type": "string"
            },
            "95percent_time": {
              "type": "double"
            },
            "total_count": {
              "type": "long"
            },
            "failure_count": {
              "type": "long"
            },
            "pool_id": {
              "type": "long"
            },
            "pool_name": {
              "index": "not_analyzed",
              "type": "string"
            },
            "failure_rate": {
              "type": "double"
            },
            "report_time": {
              "format": "dateOptionalTime",
              "type": "date"
            },
            "txn_type": {
              "index": "not_analyzed",
              "type": "string"
            },
            "status_default": {
              "type": "long"
            },
            "txn_name": {
              "index": "not_analyzed",
              "type": "string"
            },
            "frequency_type": {
              "index": "not_analyzed",
              "type": "string"
            },
            "status_2": {
              "type": "long"
            },
            "status_1": {
              "type": "long"
            },
            "avg_time": {
              "type": "double"
            },
            "datacenter_id": {
              "type": "long"
            },
            "datacenter_name": {
              "index": "not_analyzed",
              "type": "string"
            },
            "server_type": {
              "type": "string"
            }
          }
        }
      },
      "aliases": [

      ]
    }

Here is my Javascript that Im trying to use to pull data from elasticsearch

var url = "http://elasticSearchDomain.com:9200/myIndex/_search/";
var method = "POST";
var postData = '{"query": { "filtered": { "query": { "query_string": { "query": "*", "analyze_wildcard": true } }, "filter": { "bool": { "must": [ { "query": { "query_string": { "query": "*", "analyze_wildcard": true } } }, { "range": { "report_time": { "gte": 1458409392443, "lte": 1461001392443 } } } ], "must_not": [] } } } }, "size": 0, "aggs": { "2": { "date_histogram": { "field": "report_time", "interval": "12h", "pre_zone": "-07:00", "pre_zone_adjust_large_interval": true, "min_doc_count": 1, "extended_bounds": { "min": 1458409392443, "max": 1461001392443 } }, "aggs": { "3": { "terms": { "field": "pool_name", "size": 20, "order": { "_count": "desc" } } } } } } }';

// You REALLY want async = true.
// Otherwise, it'll block ALL execution waiting for server response.
var async = true;

var request = new XMLHttpRequest();

// specifies how the HTTP response will be handled. 
request.onload = function () {

   // You can get all kinds of information about the HTTP response.
   var status = request.status; // HTTP response status, e.g., 200 for "200 OK"
   var data = request.responseText; // Returned data, e.g., an HTML document.
}

request.open(method, url, async);
request.setRequestHeader('Access-Control-Allow-Headers', '*');
request.setRequestHeader('Access-Control-Allow-Origin', '*');
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8");

// Actually sends the request to the server.
request.send(postData);

Answer 1

For some specificity (and for anyone having trouble with the regex part), I had to add these configurations in elasticsearch.yml:

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/(localhost)?(127.0.0.1)?(:[0-9]+)?/

Not perfect regex, but my search app works now.

Answer 2

Those are not index specific settings.

The cors settings should be placed in the elasticsearch.yml config file of every node in your ES cluster and the cluster restarted. See here more about this.