i try to fetch elastic api using javascript with basic authentication, but there is error show that request header field authorization is not allowed by acccess-control-allow-headers, is it something wrong with the elasticsearch api or the wrong is on my code? i already setting enable cors on elastic, i tried curl to get elastic data with auth and it works, does the fetch code is wrong?
the fetch code :
fetch('http://192.168.150.220:9900/', {method:'GET',
headers: {'Authorization': 'Basic ' btoa('em_user:3md@t@2o22')}})
.then(response => response.json())
.then(json => console.log(json));
CodePudding user response:
To use fetch from your browser, you will have to allow cross-origin requests in the ElasticSearch configuration:
http.cors.enabled : true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization
http.cors.allow-credentials: true
Source:
https://www.elastic.co/guide/en/elasticsearch/reference/8.2/modules-network.html https://www.elastic.co/guide/en/cloud-enterprise/current/ece-configure-cors.html