Kibana + Elasticsearch: requests from Chrome/Safari return 403 Forbidden

Elasticsearch version: 2.3.1

Because of a bug in how Elasticsearch handles CORS, Kibana works normally in Firefox but fails with an error in Chrome and Safari.

  1. Normal user-agent is ok
    curl -v 'https://xxx.my.host/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430' -H 'origin: https://xxx.my.host' -H 'user-agent: Rajax/1 Redmi_3/ido Android/5.1.1 Display/LMY47V Eleme/5.10.2 ID/fa0ef395-659a-3150-b347-f258248013af; KERNEL_VERSION:3.10.49-perf-g6241083 API_Level:22 Mozilla/5.0 (Linux; Android 5.1.1; Redmi 3 Build/LMY47V; wv)' -d '{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1"}]}'
    *   Trying 115.x.x.42...
    * Connected to xxx.my.host (115.x.x.42) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate: *.ele.me
    * Server certificate: GeoTrust SSL CA - G3
    * Server certificate: GeoTrust Global CA
    > POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430 HTTP/1.1
    > Host: xxx.my.host
    > Accept: */*
    > origin: https://xxx.my.host
    > user-agent: Rajax/1 Redmi_3/ido Android/5.1.1 Display/LMY47V Eleme/5.10.2 ID/fa0ef395-659a-3150-b347-f258248013af; KERNEL_VERSION:3.10.49-perf-g6241083 API_Level:22 Mozilla/5.0 (Linux; Android 5.1.1; Redmi 3 Build/LMY47V; wv)
    > Content-Length: 62
    > Content-Type: application/x-www-form-urlencoded
    >
    * upload completely sent off: 62 out of 62 bytes
    < HTTP/1.1 200 OK
    < Server: nginx/1.9.6
    < Date: Wed, 15 Jun 2016 03:47:01 GMT
    < Content-Type: application/json; charset=UTF-8
    < Content-Length: 116
    < Connection: keep-alive
    < Vary: Accept-Encoding
    <
    * Connection #0 to host xxx.my.host left intact
    {"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1","_version":1,"found":true,"_source":{"buildNum":9892}}]}
    

  2. Got 403 forbidden with Chrome/Safari user-agent…

    curl -v 'https://xxx.my.host/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430' -H 'origin: https://xxx.my.host' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)' -d '{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1"}]}'
    *   Trying 115.x.x.12...
    * Connected to xxx.my.host (115.x.x.12) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate: *.my.host
    * Server certificate: GeoTrust SSL CA - G3
    * Server certificate: GeoTrust Global CA
    > POST /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1465897339430 HTTP/1.1
    > Host: xxx.my.host
    > Accept: */*
    > origin: https://xxx.my.host
    > user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
    > Content-Length: 62
    > Content-Type: application/x-www-form-urlencoded
    >
    * upload completely sent off: 62 out of 62 bytes
    < HTTP/1.1 403 Forbidden
    < Server: nginx/1.9.6
    < Date: Wed, 15 Jun 2016 03:46:08 GMT
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    <
    * Connection #0 to host xxx.my.host left intact
    

Upgrading Elasticsearch to 2.3.3 fixes the problem. The blog author's original forum thread discussing this: https://discuss.elastic.co/t/got-403-forbidden-with-chrome-user-agent/52812
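
A repeatable version of the two curl checks above, useful for confirming the behaviour before and after the upgrade. This is an added example, not part of the original post; the function names and the `curl/7.43.0` user-agent string are constructed for illustration, and the URL and Origin are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: send the same _mget request with different User-Agent
# headers and report whether the HTTP status depends on the User-Agent.

# Same request body as in the transcripts above.
BODY='{"docs":[{"_index":".kibana","_type":"config","_id":"4.5.1"}]}'

# probe_status URL ORIGIN USER_AGENT -> prints the HTTP status code only
probe_status() {
  curl -s -o /dev/null -w '%{http_code}' \
    -H "origin: $2" -H "user-agent: $3" -d "$BODY" "$1"
}

# compare_user_agents URL ORIGIN UA...
# Prints "<status> <user-agent>" for each UA; returns 1 if statuses differ.
compare_user_agents() {
  local url="$1" origin="$2" first='' status ua rc=0
  shift 2
  for ua in "$@"; do
    # A failed connection is reported as status 000.
    status=$(probe_status "$url" "$origin" "$ua") || status=000
    printf '%s %s\n' "$status" "$ua"
    [ -z "$first" ] && first=$status
    [ "$status" = "$first" ] || rc=1
  done
  return $rc
}

# Runs only when a URL and an Origin are given on the command line, e.g.
#   ./ua_check.sh 'https://xxx.my.host/elasticsearch/_mget' 'https://xxx.my.host'
if [ "$#" -ge 2 ]; then
  compare_user_agents "$1" "$2" \
    'curl/7.43.0' \
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)'
fi
```

A non-zero exit status means the endpoint answered differently depending on the User-Agent; after the upgrade to 2.3.3 both lines should show the same status.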
