Auto-authenticate Kibana 5.3 dashboard embedded in iframe

Sorry, @PrabakarKaruppasamy, but I can not reproduce the problem. I performed the following steps:

  • download and unpack the Kibana 5.3.3 archive

  • set server.cors: true in config/kibana.yml

  • start Kibana using bin/kibana

  • send the following request to http://localhost:5601:

      OPTIONS / HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Access-Control-Request-Method: GET
      Connection: keep-alive
      Content-Length: 0
      Host: localhost:5601
      Origin: http://example.com
      User-Agent: HTTPie/0.9.8
    

I get the response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Tue, 04 Jul 2017 09:24:24 GMT
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match
access-control-allow-methods: GET
access-control-allow-origin: http://example.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
kbn-name: kibana
kbn-version: 5.3.3
vary: accept-encoding

which looks like a response with CORS enabled. Maybe you could elaborate in which way your setup deviates from these steps?

Hello,
Sorry first of all I am using Kibana 5.4.0 Version.
I was tried to reproduce the problem in my local environment, but unfortunately I failed.

Set the server.cros:true in config/kibana.yml.

Try to start Kibana using bin/kibana, but facing ValidationError is given below.

 name: 'ValidationError',

details:
[ { message: '"cors" must be an object',
path: 'server.cors',
type: 'object.base',
context: [Object] } ],
_object:
{ pkg:
{ version: '5.4.0',
buildNum: 15063,
buildSha: '75afc9fbb024df55fa01acd1a4c2f76d44961746' },
dev: { basePathProxyTarget: 5603 },
pid: { exclusive: false },
cpu: undefined,
cpuacct: undefined,
server: { port: 5601, host: '0.0.0.0', cors: true } },
annotate: [Function] }

If I remove the config setting for the cros and starting the kibana works fine.
I have checked the dev mode source it is printing as false in console.

Expectation is if the Kibana identifies the running mode (Dev or Prod) as the start time that dev mode needs to print as true.

And you are running Kibana from an extracted tar.gz or installed via rpm or deb?

My local environment (Windows 10) we are running kibana from an extracted zip and our hosted server (Ubuntu) kibana installed via deb.

I am really not sure what else to try. Let me try to summarize the situation to avoid misunderstandings:

  • you are using the official zip and dep packages of Kibana 5.4.0

  • when you add server.cors: true to the kibana.yml you get a "cors" must be an object error when starting Kibana

  • when you change nothing except to set server.cors to an object like

      server.cors:
        origin: ['YOUR', 'ORIGINS', 'HERE']
        credentials: true
    

    you get an error that it expects a boolean when starting Kibana

Is that a correct summary?

Hi,

That summary is correct expect three (server.cros ---> Object ) . As of now we are not trying the third one because we are not running the Kibana in dev mode. Our previous discussion .

We are running the kibana in default mode.

So the third step would qualify as a solution to your problem? There are situations where Kibana considers itself to be running in development mode unless the environment contains NODE_ENV=production. If you are not willing to use the object form of the server.cors setting, you can try setting this environment explicitly. This will be fixed in 6.0.

We are not pretty clear with server.cros setting object. Can you please elaborate the
origin: ['YOUR', 'ORIGINS', 'HERE']

  • What is 'your'

  • What is 'ORIGINS'

  • What is 'HERE'.

Sorry about that. What I meant to express there is that the value of the origin setting is an array of string containing the allowed origins. To quote the hapiJS route documentation:

a strings array of allowed origin servers ('Access-Control-Allow-Origin'). The array can contain any combination of fully qualified origins along with origin strings containing a wildcard '' character, or a single '' origin string. Defaults to any origin ['*'].

We try to set the environment explicitly like set NODE_ENV=production in bin/kibana and configured the server.cros: true in config file, facing same ValidationError is "cors" must be an object.

With bin/kibana being a shell script the variable needs to be exported as in export NODE_ENV="production" in order to be available to child processes.

Can we apply same thing for windows batch file?

I am not very familiar with windows, but according to the documentation adding set NODE_ENV=production to the batch file as you previously suggested should do the trick.

We have added export NODE_ENV="production" in bin/kibana shell script and set cros true in kibana.yml like server.cors: true. We restarted the kibana service, but still getting cros orgin.

Sorry to hear you are still having problems. This is on Ubuntu with Kibana installed using the .deb? Are you using systemd or upstart as the init system there?

Yes we installed via .deb. We are using SysV init system there.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.