This was resolved by including the "http" string in the "allow-origin" command(Thx for testing, Clinton). The correct entry is as follows. Note that besides the required "http" string, the documentation and example only supports SSL or without SSL, not both. In the corrected command below, I specify "no SSL"
Would require testing, but I assume repeating the same command with "http" and then "https" might cover both situations. Looking at the string after the fact, now I understand and see the RegEx describing the full URL (http://localhost:anyport/) ################################# Custom ################################## http.cors.allow-origin: /http?:\/\/localhost(:[0-9]+)?/ http.cors.enabled: true On Monday, December 8, 2014 11:44:16 AM UTC-8, Tony Su wrote: > > Trying to enter the correct setting in elasticsearch.yml. > Although the first block below added to elasticsearch.yml does what it > wants, it disables CORS security altogether. > Am trying to enable only localhost. The ES documentation is not clear how > to define enabled domain(s) only > > As follows, TIA > Tony > > > 1. This works, but enables all Domains > 2. ################################# Custom > ################################## > 3. http.cors.allow-origin: "/.*/" > 4. http.cors.enabled: true > 5. > 6. > 7. Trying to enable and restrict cors to localhost attempted the > following unsuccessfully > 8. > 9. The Following results in an empty page (elasticsearch can start) > 10. ################################# Custom > ################################## > 11. http.cors.allow-origin: "/localhost(:[0-9]+)?/" > 12. http.cors.enabled: true > 13. > 14. The Following results in the elasticsearch unable to start > 15. (From official documentation > > http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html > > ) > 16. Don't know why the first forward slash exists which is why I > removed in above try > 17. ################################# Custom > ################################## > 18. http.cors.allow-origin: "\/\/localhost(:[0-9]+)?/" > 19. http.cors.enabled: true > > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/35789fb1-7959-4271-8fa3-6eeb29622de0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
