XMLHttpRequest error when using in flutter web

[jamiejacksoncumbria]

When trying to use this package in flutter web I come across this error. XMLHttpRequest error. On ios and Android it works fine. Any Idea's how to fix this issue?

Error: XMLHttpRequest error. C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/patch/core_patch.dart 910:28 get current packages/http/src/browser_client.dart 69:22 C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/zone.dart 1685:54 runUnary C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 159:18 handleValue C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 766:44 handleValueCallback C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 795:13 _propagateToListeners C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/future_impl.dart 592:7 [_complete] C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/stream_pipe.dart 61:11 _cancelAndValue C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/async/stream.dart 1288:7 C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/operations.dart 334:14 _checkAndCall C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/operations.dart 339:39 dcall C:/b/s/w/ir/cache/builder/src/out/host_debug/dart-sdk/lib/html/dart2js/html_dart2js.dart 37301:58

at Object.createErrorWithStack (http://localhost/dart_sdk.js:5080:12)
at Function._throw (http://localhost/dart_sdk.js:20337:18)
at Function.throwWithStackTrace (http://localhost/dart_sdk.js:20334:18)
at async._AsyncCallbackEntry.new.callback (http://localhost/dart_sdk.js:40851:18)
at Object._microtaskLoop (http://localhost/dart_sdk.js:40708:13)
at _startMicrotaskLoop (http://localhost/dart_sdk.js:40714:13)
at http://localhost/dart_sdk.js:36191:9

[leech001]

This is CORS (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)

[kaumudpa]

put the following lines in your elasticsearch.yml

http.cors.enabled : true
http.cors.allow-origin : "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers :  X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

Then restart elastic sudo systemctl restart elasticsearch.service

The issue will now be resolved.

[isoos]

This seems to be an unsecure way to expose your database over the internet, and it is likely that it will get hacked, the data will get exposed. Unless it is already open data, or you want to share everything in it anyway, use an intermediary server to access elasticsearch.

[kaumudpa]

@isoos Yes this way is insecure only if the instance is not secured by some security modules.

[isoos]

@kaumudpa if you put your security credentials into the app (be it on a mobile or on the web), it will get hacked. Maybe not immediately, but eventually, especially if it grows in users or features.

[kaumudpa]

@isoos will the instance be secure if we do this then?

http.cors.allow-origin : "https://Your Frontent URL"

?

[isoos]

@kaumudpa: if you are using a frontend server, it can connect to the elasticsearch server directly, there is no need for cors in that case.

[ZachGonzalezz]

I added the below to my yahml in elastic search.

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length
http.cors.allow-credentials: true

It did not take effect. I restarted the instances and still nothing.

[jamiejacksoncumbria]

Hi this is what I have in my hosted elastic cloud yaml file. Works perfectly.

http.cors.enabled : true http.cors.allow-headers : X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept http.cors.allow-origin: "*"

On Thu, 28 Jul 2022 at 18:05, Zachary Gonzalez @.***> wrote:

I added the below to my yahml in elastic search. http.cors.enabled : true http.cors.allow-origin : "*" http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE http.cors.allow-headers : X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

It did not take effect. I restarted the instances and still nothing. [image: Screen Shot 2022-07-28 at 8 04 48 AM] https://user-images.githubusercontent.com/73090016/181571872-804c2b15-a9b6-4219-b730-5f8038d228ef.png

— Reply to this email directly, view it on GitHub https://github.com/isoos/elastic_client/issues/59#issuecomment-1198278074, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIE6P7ZLOQZLGB7DTYN2BSDVWKOTNANCNFSM5QFELHJA . You are receiving this because you authored the thread.Message ID: @.***>

[ZachGonzalezz]

Access-Control-Allow-Headers this was the one that did the trick. I need to add that thank you!!!

[jamiejacksoncumbria]

No problem. I spent hours and hours playing with elastics. I'm glad to save you some time.

On Thu, 28 Jul 2022 at 18:34, Zachary Gonzalez @.***> wrote:

Access-Control-Allow-Headers this was the one that did the trick. I need to add that thank you!!!

— Reply to this email directly, view it on GitHub https://github.com/isoos/elastic_client/issues/59#issuecomment-1198317694, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIE6P74LGQISKU2ROHZ4LPTVWKSB3ANCNFSM5QFELHJA . You are receiving this because you authored the thread.Message ID: @.***>