We embed Kibana within an Iframe in our application and forward the requests to Kibana server with basic authentications scheme.
This used to work in version 6.8.1 but when i upgrade to 7.10.1 the request to /app/kibana is redirecting to /app/dashboard_mode which is timing out eventually.
The following are the logs from kibana.log
{"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","http","server","Kibana","cookie-session-storage"],"pid":4703,"message":"Error: Unauthorized"} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","basic","basic"],"pid":4703,"message":"Trying to authenticate user request to /app/kibana."} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","basic","basic"],"pid":4703,"message":"Cannot authenticate requests with
Authorization header."} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","http"],"pid":4703,"message":"Trying to authenticate user request to /app/kibana."} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","http"],"pid":4703,"message":"Request to /app/kibana has been authenticated via authorization header with \"Basic\" scheme."} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","app-authorization"],"pid":4703,"message":"authorizing access to \"kibana\""} {"type":"log","@timestamp":"2021-01-08T11:35:44Z","tags":["debug","plugins","security","app-authorization"],"pid":4703,"message":"authorized for \"kibana\""} {"type":"response","@timestamp":"2021-01-08T11:35:44Z","tags":[],"pid":4703,"method":"get","statusCode":302,"req":{"url":"/app/kibana","method":"get","headers":{"host":"10.96.2.19:8030","connection":"keep-alive","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","sec-fetch-site":"same-origin","sec-fetch-mode":"navigate","sec-fetch-dest":"iframe","sec-ch-ua":"\"Google Chrome\";v=\"87\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"87\"","sec-ch-ua-mobile":"?0","referer":"https://10.96.2.19:8030/","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"},"remoteAddress":"127.0.0.1","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36","referer":"https://10.96.2.19:8030/"},"res":
{"statusCode":302,"responseTime":12,"contentLength":9},"message":"GET /app/kibana 302 12ms - 9.0B"}
The same via cURL returns the following response
HTTP/1.1 302
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Frame-Options: sameorigin
location: /xx/yy/zz/app/dashboard_mode
x-frame-options: SAMEORIGIN
kbn-name: ip-10-96-2-19
kbn-license-sig: ca5cbe96c1682c0374daf9e5f40cfb6a7e80100c2c4a704accaff6a1bc6b172a
cache-control: private, no-cache, no-store, must-revalidate
Date: Fri, 08 Jan 2021 11:57:49 GMT
Connection: keep-alive, keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Type: text/html
Content-Length: 0
Keep-Alive: timeout=60
Questions
1 : Why is this redirection happening in 7.10.1 when it was not happening in 6.8.1 ?
2 : What is /app/dashboard_mode
Any help is appreciated