Auto-authenticate Kibana 5.3 dashboard embedded in iframe

weltenwort · July 4, 2017, 9:33am

Sorry, @PrabakarKaruppasamy, but I can not reproduce the problem. I performed the following steps:

download and unpack the Kibana 5.3.3 archive
set server.cors: true in config/kibana.yml
start Kibana using bin/kibana

send the following request to http://localhost:5601:

  OPTIONS / HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  Access-Control-Request-Method: GET
  Connection: keep-alive
  Content-Length: 0
  Host: localhost:5601
  Origin: http://example.com
  User-Agent: HTTPie/0.9.8

I get the response

HTTP/1.1 200 OK
Connection: keep-alive
Date: Tue, 04 Jul 2017 09:24:24 GMT
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match
access-control-allow-methods: GET
access-control-allow-origin: http://example.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
kbn-name: kibana
kbn-version: 5.3.3
vary: accept-encoding

which looks like a response with CORS enabled. Maybe you could elaborate in which way your setup deviates from these steps?

PrabakarKaruppasamy · July 4, 2017, 1:27pm

Hello,
Sorry first of all I am using Kibana 5.4.0 Version.
I was tried to reproduce the problem in my local environment, but unfortunately I failed.

Set the server.cros:true in config/kibana.yml.

Try to start Kibana using bin/kibana, but facing ValidationError is given below.

 name: 'ValidationError',

details:
[ { message: '"cors" must be an object',
path: 'server.cors',
type: 'object.base',
context: [Object] } ],
_object:
{ pkg:
{ version: '5.4.0',
buildNum: 15063,
buildSha: '75afc9fbb024df55fa01acd1a4c2f76d44961746' },
dev: { basePathProxyTarget: 5603 },
pid: { exclusive: false },
cpu: undefined,
cpuacct: undefined,
server: { port: 5601, host: '0.0.0.0', cors: true } },
annotate: [Function] }

If I remove the config setting for the cros and starting the kibana works fine.
I have checked the dev mode source it is printing as false in console.

Expectation is if the Kibana identifies the running mode (Dev or Prod) as the start time that dev mode needs to print as true.

weltenwort · July 4, 2017, 4:08pm

And you are running Kibana from an extracted tar.gz or installed via rpm or deb?

PrabakarKaruppasamy · July 5, 2017, 8:18am

My local environment (Windows 10) we are running kibana from an extracted zip and our hosted server (Ubuntu) kibana installed via deb.

weltenwort · July 5, 2017, 9:17am

I am really not sure what else to try. Let me try to summarize the situation to avoid misunderstandings:

you are using the official zip and dep packages of Kibana 5.4.0
when you add server.cors: true to the kibana.yml you get a "cors" must be an object error when starting Kibana
when you change nothing except to set server.cors to an object like
```
  server.cors:
    origin: ['YOUR', 'ORIGINS', 'HERE']
    credentials: true
```
you get an error that it expects a boolean when starting Kibana

Is that a correct summary?

PrabakarKaruppasamy · July 5, 2017, 9:57am

Hi,

That summary is correct expect three (server.cros ---> Object ) . As of now we are not trying the third one because we are not running the Kibana in dev mode. Our previous discussion .

We are running the kibana in default mode.

weltenwort · July 5, 2017, 10:20am

So the third step would qualify as a solution to your problem? There are situations where Kibana considers itself to be running in development mode unless the environment contains NODE_ENV=production. If you are not willing to use the object form of the server.cors setting, you can try setting this environment explicitly. This will be fixed in 6.0.

PrabakarKaruppasamy · July 5, 2017, 10:42am

We are not pretty clear with server.cros setting object. Can you please elaborate the
origin: ['YOUR', 'ORIGINS', 'HERE']

What is 'your'
What is 'ORIGINS'
What is 'HERE'.

weltenwort · July 5, 2017, 3:03pm

Sorry about that. What I meant to express there is that the value of the origin setting is an array of string containing the allowed origins. To quote the hapiJS route documentation:

a strings array of allowed origin servers ('Access-Control-Allow-Origin'). The array can contain any combination of fully qualified origins along with origin strings containing a wildcard '' character, or a single '' origin string. Defaults to any origin ['*'].

PrabakarKaruppasamy · July 6, 2017, 7:42am

We try to set the environment explicitly like set NODE_ENV=production in bin/kibana and configured the server.cros: true in config file, facing same ValidationError is "cors" must be an object.

weltenwort · July 6, 2017, 8:57am

With bin/kibana being a shell script the variable needs to be exported as in export NODE_ENV="production" in order to be available to child processes.

PrabakarKaruppasamy · July 10, 2017, 11:29am

Can we apply same thing for windows batch file?

weltenwort · July 10, 2017, 5:55pm

I am not very familiar with windows, but according to the documentation adding set NODE_ENV=production to the batch file as you previously suggested should do the trick.

PrabakarKaruppasamy · July 11, 2017, 8:35am

We have added export NODE_ENV="production" in bin/kibana shell script and set cros true in kibana.yml like server.cors: true. We restarted the kibana service, but still getting cros orgin.

weltenwort · July 12, 2017, 12:55pm

Sorry to hear you are still having problems. This is on Ubuntu with Kibana installed using the .deb? Are you using systemd or upstart as the init system there?

PrabakarKaruppasamy · July 13, 2017, 8:00am

Yes we installed via .deb. We are using SysV init system there.

system · August 10, 2017, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.