0

I use Docker & Traefik to manage a ReactJS app calling an ElasticSearch API.

Here is my elasticsearch.yml config :

cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled : true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: true
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true

And here the entry in docker-compose for my Elasticsearch service :

elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0
    restart: always
    volumes:
      - ${DATA_FOLDER_ELASTICHSEARCH}:/usr/share/elasticsearch/data
      - ./infra/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    environment:
      - discovery.type=single-node      
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.elasticsearch.rule=Host(`myElastic.domain.com`)"
      - "traefik.http.routers.elasticsearch.entrypoints=websecure"
      - "traefik.http.routers.elasticsearch.middlewares=testHeader"   
      - "traefik.http.middlewares.testHeader.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
      - "traefik.http.middlewares.testHeader.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.testHeader.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.testHeader.headers.addvaryheader=true"
    networks:
      - myNetwork

If I call my ElasticSearch API (like a simple POST on /myIndex/_search using Postman for example, I have my response headers :

Access-Control-Allow-Origin : *
Vary : Origin

But I still have the CORS issue on my React app using fetch (for now I use directly the ElasticSearch API from my react).

Do I need to change anything from the fetch api ?

EDIT

Looking at CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true, it seems I can't use * to define my allowed domains, so I put :

- "traefik.http.middlewares.testHeader.headers.accesscontrolalloworiginlist=https://reactApp.domain.com"

But no success ... in my Chrome console, I have this message :

preflight wildcard origin not allowed
Vincent Decaux
  • 7,375
  • 3
  • 37
  • 52
  • Assuming your react app is exposed to http credentials because of `http.cors.allow-credentials: true`, did you check that requests send by the the app [allow for cross site access control](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials)? – Jeroen van der Laan Mar 24 '21 at 20:25
  • Doesn't change unfortunatly :( – Vincent Decaux Mar 24 '21 at 21:34

0 Answers0