使用 elasticsearch.js 时出现 CORS 错误

Question

我正在尝试从本地计算机测试索引。我创建了一个带有查询框的简单 HTML 页面，该页面使用 elasticsearch.js 客户端将查询发送到 ES。索引和浏览器都在我的桌面上，因此不应该存在跨源问题，但我不断收到错误消息：

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9200/portal/book/_search?q=title%3Ahistoire. This can be fixed by moving the resource to the same domain or enabling CORS.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9200/. This can be fixed by moving the resource to the same domain or enabling CORS.

我尝试启用 CORS，但得到了同样的错误。以下是索引的设置：

{
    "portal": {
        "settings": {
            "index": {
                "creation_date": "1421788614558",
                "uuid": "jg-iHjnSTDGHODY0_x4Ysw",
                "number_of_replicas": "1",
                "http": {
                    "cors": {
                        "enabled": "true",
                        "allow-origin": "/(http://)?localhost(:[0-9]+)?/"
                    }
                },
                "number_of_shards": "5",
                "version": {
                    "created": "1040299"
                }
            }
        }
    }
}

index.html

<!DOCTYPE html >
<html ng-app="portal">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <link rel="stylesheet" href="bower_components/bootstrap/dist/css/bootstrap.min.css">

        <script src="bower_components/angular/angular.min.js"></script>
        <script src="bower_components/elasticsearch/elasticsearch.min.js"></script>

        <script src="js/app.js"></script>
        <script src="js/controllers.js"></script>
    </head>

    <body ng-controller="SearchCtrl">
        <div class="container-fluid">
            <div class="row-fluid">
                <span class="span3">
                    <input class="input-block-level" ng-model="queryTerm" type="text">
                </span>&nbsp;
                <button ng-click="search()" class="btn" type="button">Search</button>
            </div>

            <div class="row-fluid">
                Found {{ results.hits.total }}
                <div class="span4">
                    <li ng-repeat="doc in results.hits.hits">
                        {{ doc._source.title }}
                    </li>
                </div>
            </div>
        </div>
    </body>
</html>

app.js

angular.module('portal', [
    'controllers',
]);

var client = new elasticsearch.Client({
    host: 'http://localhost:9200',
    apiVersion: '1.3',

});

controller.js

angular.module('controllers', []).controller('SearchCtrl',
    function($scope) {

        $scope.search = function(query) {
            $scope.results = client.search({
                    index: 'portal',
                    type: 'book',
                    q: 'title:' + $scope.queryTerm
                }, function (error, response) {console.log('could not execute query!')}
            );
        };
    }
);

Answer 1

我不知道您为什么一开始就遇到跨域错误。您是否将前端打开为 file://....？完全随机猜测，不确定是否重要。如果您想通过 Web 服务器运行您的 UI，您可以打开一个终端，cd 进入该目录并运行“python -m SimpleHTTPServer 7000”。现在您的 UI 正在 localhost:7000 上运行。

有关 CORS 设置，请参阅 http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html，如果您使用的是 Chrome，http://www.williamjohnbert.com/2013/06/allow-cors-with-localhost-in-chrome/ 可能会有所帮助。

在您的配置中，您至少应该设置 'http.cors.enabled: true' 和 'http.cors.allow-credentials: true'。其他默认值应该是合理的。您可能还需要修改“http.cors.max-age”设置，以防旧设置被缓存。

使用 js 控制台，浏览器中的 net 选项卡查看您返回的标题。

Answer 2

将以下行添加到您的配置 yml 文件中

http.cors.enabled : true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: true

并在基于 unix 的系统上杀死弹性搜索 java 进程，如本主题响应 https://stackoverflow.com/a/41644614/11079315 所展示的那样