Elasticsearch 1.4.0: Marvel Sense fails with “Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource”
After upgrading an Elasticsearch cluster from v1.3.2 to v1.4.0, using Marvel Sense to run queries against the server would fail with:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://www.server.com:9200/?_=1417024257696.
This can be fixed by moving the resource to the same domain or enabling CORS.
You can lock it down further by setting specific origins (such as localhost):
There are plenty of other options for CORS in Elasticsearch, you can read about them at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-http.html#_settings_2