Disable dynamic scripting

dgoodlad · dgoodlad · commit 692bf1cbdad1 · 2014-04-26T09:42:05.000+02:00
Given that ES has CORS enabled for *all hosts*, this is a nasty attack
vector. Let's turn it off.
diff --git a/templates/elasticsearch.yml.erb b/templates/elasticsearch.yml.erb
@@ -41,3 +41,6 @@ discovery:
       unicast:
         hosts:
           - <%= @host %>:<%= @transport_port %>
+
+script:
+  disable_dynamic: true
