ElasticSearch Access-Control-Allow-Headers 标头不存在

Question

我正在从本地 https 服务器向已配置如下的 ElasticSearch 端点发出 POST 请求

http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

请求有标头：

Access-Control-Allow-Headers: Accept, Access-Control-Allow-Headers, Authorization, Content-Type
Content-Type: application/json; charset=utf-8
Accept: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Authorization: (basic authentication token)

在 POST 请求中，出现以下错误：Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response.

网络调试器确实显示Access-Control-Allow-Headers 标头不存在于响应标头中。响应头：

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://dl.dropboxusercontent.com
Vary: Origin
Access-Control-Allow-Methods: 
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
content-length: 0
date: Fri, 29 Apr 2016 14:08:14 GMT

请注意，Access-Control-Allow-Headers 不存在，Access-Control-Allow-Methods 为空白。所有可能的字符串格式都已经过测试，并且这些标题不会出现。

Answer 1

您应该在elasticsearch.yml 中添加以下标志：

http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length

然后重启es，享受吧！

Answer 2

我终于解决了elasticsearch.yml中这些配置行的问题：

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/(localhost)?(127.0.0.1)?(:[0-9]+)?/
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length