-
Notifications
You must be signed in to change notification settings - Fork 24.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problems with http.cors.allow-methods #17483
Comments
I am afraid I will need to reopen this. Elasticsearch version: 2.3.0 Use of custom header does not seem to work reliably. Here is the CORS section of my configuration (elasticsearch.yml) file:
The client code is performing the following call:
Now, that request always goes through with Firefox 45.0.1.
When inspecting with Chrome I get:
These are the headers details I see in Chrome:
The very same configuration, index and client code works reliably in 2.2.0. |
I have experienced same issue which now breaks Grafana UI. |
The following code String[] strMethods = settings.getAsArray(settings.get(SETTING_CORS_ALLOW_METHODS, DEFAULT_CORS_METHODS), new String[0]);
HttpMethod[] methods = new HttpMethod[strMethods.length];
for (int i = 0; i < methods.length; i++) {
methods[i] = HttpMethod.valueOf(strMethods[i]);
}
return builder.allowedRequestMethods(methods)
.maxAge(settings.getAsInt(SETTING_CORS_MAX_AGE, DEFAULT_CORS_MAX_AGE))
.allowedRequestHeaders(settings.getAsArray(settings.get(SETTING_CORS_ALLOW_HEADERS, DEFAULT_CORS_HEADERS), new String[0]))
.shortCircuit()
.build(); should say String[] strMethods = settings.getAsArray(SETTING_CORS_ALLOW_METHODS, DEFAULT_CORS_METHODS);
HttpMethod[] methods = new HttpMethod[strMethods.length];
for (int i = 0; i < methods.length; i++) {
methods[i] = HttpMethod.valueOf(strMethods[i]);
}
return builder.allowedRequestMethods(methods)
.maxAge(settings.getAsInt(SETTING_CORS_MAX_AGE, DEFAULT_CORS_MAX_AGE))
.allowedRequestHeaders(settings.getAsArray(SETTING_CORS_ALLOW_HEADERS, DEFAULT_CORS_HEADERS))
.shortCircuit()
.build(); |
CORS headers and methods config parameters must be read as arrays. This commit fixes the issue. It affects http.cors.allow-methods and http.cors.allow-headers. Fixes elastic#17483
Elasticsearch version: 2.3.0
JVM version: 1.8.0_31
OS version: MAC OS X 10.10.5
Description of the problem including expected versus actual behavior:
Definition of an accepted a custom header does not seem to work.
Steps to reproduce:
The text was updated successfully, but these errors were encountered: