I faced this issue when I used my web application to send AJAX request to get data from Elasticsearch. The web application was deployed in Apache Tomcat (port 8080 was used).
XMLHttpRequest cannot load http://localhost:9200/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
Elasticsearch by default will not allow cross domain requests. To solve this we have to enable CORS (Cross-Origin Resource Sharing) in Elasticsearch configuration file (ES_HOME/config/elasticsearch.yml). Add the following content to the configuration file.
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type, Content-Length