AJAX Preflight Authentication for Kibana dashboard in an iframe

Hey everyone,

I am working on a webpage that will show my Kibana dashboard in an iframe, and I want to send a preflight AJAX request to login to the dashboard before setting the iframe's source. I have been following several posts on here that discuss this, but unfortunately I can't get my code to work. I am working with Kibana 6.8. Please excuse my ignorance, as I am somewhat new to web development.

On document.ready, I run an AJAX POST request that looks like this:

    type: "POST",
    xhrFields: {
        withCredentials: true
    data: "test",
    contentType: "application/x-www-form-urlencoded",
    crossDomain: true,
    beforeSend: function(xhr) {
        xhr.setRequestHeader('Authorization', btoa("username" + ":" + "password"));
    headers: {
        'Access-Control-Allow-Credentials' : true,
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'GET, POST, OPTIONS, PUT, PATCH, DELETE',
        'Access-Control-Allow-Headers': 'X-Requested-With,content-type,Authorization',
    url: "/api/security/v1/login",
    dataType: "json",
    success: ajaxSuccess,
    error: ajaxError

When this request runs, I get a 401 Unauthorized error. I have double checked to make sure that I'm not passing an incorrect username or password. If anyone could help me on this I would really appreciate it, as I am currently stuck.

I'm not 100% sure if this is the only issue on that call, but the first think I can see is that you are missing the Basic part on the authorization header string.

the Authorization header should be something similar to:

Authorization: Basic ZWxhc3RpYzo2RUVFZEVDTUNUTHRIalhudVJqSw==

so in your case I think you have to include:

xhr.setRequestHeader('Authorization', "Basic "+btoa("username" + ":" + "password"));

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.