Add support for CORS (elasticsearch.yml and kibana.yml) #2683
Description
Could we add the CORS options as values to override in our profile for elasticsearch.yml and kibana.yml?
Relates to: #1279
Reference to the fields available:
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept, x-elastic-client-metaserver.cors.enabled: true
server.cors.allowCredentials: true
server.cors.allowOrigin: ["origin1", "origin2"]server.cors.enabled
Set to true to allow cross-origin API calls. Default: false. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
server.cors.allowCredentials
Set to true to allow browser code to access response body whenever request performed with user credentials. Default: false. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
server.cors.allowOrigin
experimental::[] List of origins permitted to access resources. You must specify explicit hostnames and not use server.cors.allowOrigin: [""] when server.cors.allowCredentials: true. Default: [""]