Call External REST API from Kibana Plugin

My question is very similar to this thread: How to call external web service from Kibana Plugin?

However, I don't have control over this api so I cant change what headers/origin it accepts. The external REST api accepts all origins. However, the cors preflight check when I try an ajax call fails because kbn-version is in access-control-request-header.

Actual Error:
request header field kbn-version is not allowed by Access-Control-Allow-Headers in preflight response.

Is there a way I can remove this header when I make an ajax call from my plugin's controller.js



API Call

url: ''
}).then(function (data) {
$scope.title = data.title;
$scope.summary = data.extract_html;

Request Headers
accept-encoding:gzip, deflate, br
user-agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.94 Chrome/62.0.3202.94 Safari/537.36

I accidently placed this in the X-Pack section, please let me know if I should report in Kibana section.

Adding a kbnXsrfToken flag to the options of the HTTP call should do the trick.

If you were to use the Angular $http service (for no reason other than I personally see it more often), it would look like:

uiModule.controller('myView', ($injector, $scope) => {
  const $http = $injector.get('$http');
  const options = {
    method: 'GET',
    url: '',
    kbnXsrfToken: false,

  $http(options).then(result => {
    $scope.resultData =;

1 Like

Thanks @tsullivan! It worked brilliantly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.