Kibana + Elasticsearch: requests from Chrome/Safari return 403 Forbidden

Elasticsearch version: 2.3.1

Because of a bug in how Elasticsearch handles CORS, Kibana works normally in Firefox but fails with an error in Chrome / Safari.

1. A normal user-agent is OK

curl -v 'https://xxx.my.host/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430' -H 'origin: https://xxx.my.host' -H 'user-agent: Rajax/1 Redmi_3/ido Android/5.1.1 Display/LMY47V Eleme/5.10.2 ID/fa0ef395-659a-3150-b347-f258248013af; KERNEL_VERSION:3.10.49-perf-g6241083 API_Level:22 Mozilla/5.0 (Linux; Android 5.1.1; Redmi 3 Build/LMY47V; wv)' -d '{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1"}]}'
*   Trying 115.x.x.42...
* Connected to xxx.my.host (115.x.x.42) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.ele.me
* Server certificate: GeoTrust SSL CA - G3
* Server certificate: GeoTrust Global CA
> POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430 HTTP/1.1
> Host: xxx.my.host
> Accept: */*
> origin: https://xxx.my.host
> user-agent: Rajax/1 Redmi_3/ido Android/5.1.1 Display/LMY47V Eleme/5.10.2 ID/fa0ef395-659a-3150-b347-f258248013af; KERNEL_VERSION:3.10.49-perf-g6241083 API_Level:22 Mozilla/5.0 (Linux; Android 5.1.1; Redmi 3 Build/LMY47V; wv)
> Content-Length: 62
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 62 out of 62 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.9.6
< Date: Wed, 15 Jun 2016 03:47:01 GMT
< Content-Type: application/json; charset=UTF-8
< Content-Length: 116
< Connection: keep-alive
< Vary: Accept-Encoding
<
* Connection #0 to host xxx.my.host left intact
{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1","_version":1,"found":true,"_source":{"buildNum":9892}}]}

2. Got 403 Forbidden with a Chrome/Safari user-agent

curl -v 'https://xxx.my.host/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430' -H 'origin: https://xxx.my.host' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)' -d '{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1"}]}'
*   Trying 115.x.x.12...
* Connected to xxx.my.host (115.x.x.12) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: *.my.host
* Server certificate: GeoTrust SSL CA - G3
* Server certificate: GeoTrust Global CA
> POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430 HTTP/1.1
> Host: xxx.my.host
> Accept: */*
> origin: https://xxx.my.host
> user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
> Content-Length: 62
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 62 out of 62 bytes
< HTTP/1.1 403 Forbidden
< Server: nginx/1.9.6
< Date: Wed, 15 Jun 2016 03:46:08 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host xxx.my.host left intact

Upgrading Elasticsearch to 2.3.3 resolves the problem. The original thread where the author discussed this on the forum: https://discuss.elastic.co/t/got-403-forbidden-with-chrome-user-agent/52812
