Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

See original GitHub issue

I am attempting to make a connection to my Elastic Search. I would like to add in the header ‘Origin’, but SearchkitManager throws the error Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. My Elasticsearch requires this header, is there any way to allow this header within searchkit

The code:

render() {

    const headers = {Authorization: 'user:pw', 'Origin': 'origin-url'}
    const searchKitManager = new SearchkitManager('http://url-to-es, {httpHeaders: headers})

    return (<SearchkitProvider searchkit={searchKitManager}>
                 ...
                </SearchkitProvider>)

Note: I have tried basicAuth.

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
ssetemcommented, May 24, 2016

you might need to add Authorization to the allowed cors headers in your ES config

I think the property is http.cors.allow-headers

0reactions
ssetemcommented, May 25, 2016

nice! I will add a note to our docs

Read more comments on GitHub >

github_iconTop Results From Across the Web

Request header field Access-Control-Allow-Headers is not ...
Notice the Authorization value for the Access-Control-Allow-Headers key. I was missing the Authorization value, this config solves my issue.
Read more >
CORS error: Request header field Authorization is not allowed ...
The CORS error "Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response" occurs when your browser ...
Read more >
'Request header field authorization is not allowed by Access ...
'Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.' in a POST Request #2345.
Read more >
Access-Control-Allow-Headers - HTTP - MDN Web Docs
Although CORS-safelisted request headers are always allowed and don't usually need to be listed in Access-Control-Allow-Headers , listing them ...
Read more >
Request header field content-type is ... - Netlify Support Forums
Access to XMLHttpRequest at 'https://XXXX' from origin 'https://XXX' has been blocked by CORS policy: Request header field content-type is ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Uncaught Invariant Violation: SearchkitProvider.render(): A valid React element (or null) must be returned. You may have returned undefined, an array or some other invalid object.

Next page

Multiple OR RefinementListFilters produces weird behavior