Docs
Guides
Enable CORS

Add CORS headers

This is only required if you're calling Elasticsearch directly from the browser and without proxying Elasticsearch. Read more at Proxy Elasticsearch docs.

In order to call Elasticsearch / Opensearch directly from the browser, you need to add CORS headers to the response.

Elasticsearch

Docker

This docker run command will add specify the CORS headers when running Elasticsearch.

docker run --name elasticsearch --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e "xpack.security.enabled=false" -e http.cors.enabled=true -e "http.cors.allow-origin='*'" -e http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization -e http.cors.allow-credentials=true -e network.publish_host=localhost -e xpack.security.enabled=false docker.elastic.co/elasticsearch/elasticsearch:8.6.2

Elastic Cloud

  1. Navigate to the deployment page
  2. go to actions > edit deployment
  3. on Elasticsearch instance, click on "Elasticsearch user settings and extensions"
  4. add the following to the "Elasticsearch user settings" field
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept, x-elastic-client-meta

elasticsearch.yml

To do this, you need to add the following to your elasticsearch.yml file:

http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept, x-elastic-client-meta

Opensearch

Docker

This docker run command will add specify the CORS headers when running Opensearch.

docker run --name opensearch --rm -d -p 9200:9200 -e http.port=9200 -e discovery.type=single-node -e http.max_content_length=10MB -e http.cors.enabled=true -e "http.cors.allow-origin='*'" -e http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization -e http.cors.allow-credentials=true opensearchproject/opensearch:1.2.4

Apache 2.0 2024 © Joseph McElroy.
Need help? Join discord