CORS policy error inside template node but not in http request node

I have a template node that is trying to retrieve data with a POST request (fetch), but I get a CORS policy error that I can't manage to fix.

Access to fetch at 'https://example-elasticsearch/index_3/_search' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

This is my JavaScript (in the template node code):

const userAction = async () => {
  console.log('in');
  const myBody = {"query": {"bool": {"must": [ { "match": { "My": 4000 }}]}}};
  const username = 'hidden';
  const password = 'hidden';
  const response = await fetch('https://example-elasticsearch/index_3/_search', {
    method: 'POST',
    // fetch needs a string body; a plain object would be sent as "[object Object]"
    body: JSON.stringify(myBody),
    headers: {
      'Content-Type': 'application/json',
      "Authorization": 'Basic ' + btoa(username + ":" + password)
    }
  });
  const myJson = await response.json(); // extract JSON from the HTTP response
};

I tried to add this line in the header without any success:
'Access-Control-Allow-Origin': '*'

In my opinion it's not a problem on the server where I retrieve the data because when I try to retrieve the data using an http request node it is working.

Does someone have any idea how I can fix that?

Thanks a lot

When the HTTP request operates, it is FROM your node-red server.

When the fetch operates, it is from the client's browser.

These are different.

NOTE: CORS control is set by the endpoint server, not the requester.

I can only assume https://example-elasticsearch/index_3/_search is on the same box as node-red and that the browser is on a separate machine?

1 Like
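
Added example (not part of the original posts): a simplified JavaScript model of the check the browser applies to the preflight described in the answer above, run against the request from the question. The origin `http://nodered.example:1880`, the function names and both sets of response headers are constructed for illustration; the http request node runs on the server, where no such check is applied.

```javascript
// Simplified model of the browser-side CORS checks (Fetch standard); header value
// restrictions and credentialed (cookie) requests are left out.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language'];
const SAFE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Names of request headers that are not CORS-safelisted and so force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n !== 'content-type') return !SAFE_HEADERS.includes(n);
      return !SAFE_CONTENT_TYPES.includes(value.split(';')[0].trim().toLowerCase());
    })
    .map(([name]) => name.toLowerCase());
}

function needsPreflight(req) {
  return !SAFE_METHODS.includes(req.method) || unsafeHeaders(req.headers).length > 0;
}

// Decide whether the server's reply to the OPTIONS preflight lets the real request go out.
function checkPreflight(req, responseHeaders) {
  const h = Object.fromEntries(Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const origin = h['access-control-allow-origin'];
  if (origin === undefined) return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  if (origin !== '*' && origin !== req.origin) return { ok: false, reason: 'origin not allowed' };
  const methods = (h['access-control-allow-methods'] || '').split(',').map(s => s.trim().toUpperCase());
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(req.method) && !methods.includes('*'))
    return { ok: false, reason: 'method not allowed' };
  const allowed = (h['access-control-allow-headers'] || '').split(',').map(s => s.trim().toLowerCase());
  // '*' covers every header name except Authorization, which must be listed explicitly.
  const blocked = unsafeHeaders(req.headers).filter(
    n => !allowed.includes(n) && !(allowed.includes('*') && n !== 'authorization'));
  return blocked.length ? { ok: false, reason: 'headers not allowed: ' + blocked.join(', ') } : { ok: true };
}

// The request from the question; the origin is a constructed placeholder.
const questionRequest = {
  origin: 'http://nodered.example:1880', method: 'POST',
  headers: { 'Content-Type': 'application/json', 'Authorization': 'Basic <redacted>' },
};
// Constructed preflight replies: a server without CORS configuration, and one allowing this origin.
const noCors = { 'Content-Type': 'application/json' };
const withCors = { 'Access-Control-Allow-Origin': 'http://nodered.example:1880',
                   'Access-Control-Allow-Headers': 'Authorization, Content-Type' };
console.log(needsPreflight(questionRequest), checkPreflight(questionRequest, noCors), checkPreflight(questionRequest, withCors));
```

Putting `Access-Control-Allow-Origin` into the request headers, as tried in the question, only adds one more non-safelisted header name that the server's preflight reply would have to allow.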

I believe you are right; I guess that I need to change some configuration in the elastic server.
Thanks for the help, this is really helpful.
