Call External REST API from Kibana Plugin

My question is very similar to this thread: How to call external web service from Kibana Plugin?

However, I don't have control over this api so I cant change what headers/origin it accepts. The external REST api accepts all origins. However, the cors preflight check when I try an ajax call fails because kbn-version is in access-control-request-header.

Actual Error:
request header field kbn-version is not allowed by Access-Control-Allow-Headers in preflight response.

Is there a way I can remove this header when I make an ajax call from my plugin's controller.js

Thanks,

Alex

API Call

$.ajax({
url: 'https://en.wikipedia.org/api/rest_v1/page/summary/Supercapacitor?redirect=true'
}).then(function (data) {
$scope.title = data.title;
$scope.summary = data.extract_html;
$element.trigger('renderComplete');
});

Request Headers

:authority:en.wikipedia.org
:method:OPTIONS
:path:/api/rest_v1/page/summary/Supercapacitor?redirect=true
:scheme:https
accept:/
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.9
access-control-request-headers:kbn-version
access-control-request-method:GET
origin:http://10.108.21.121:5601
user-agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.94 Chrome/62.0.3202.94 Safari/537.36

I accidently placed this in the X-Pack section, please let me know if I should report in Kibana section.

Adding a kbnXsrfToken flag to the options of the HTTP call should do the trick.

If you were to use the Angular $http service (for no reason other than I personally see it more often), it would look like:

uiModule.controller('myView', ($injector, $scope) => {
  const $http = $injector.get('$http');
  const options = {
    method: 'GET',
    url: 'https://en.wikipedia.org/api/rest_v1/page/summary/Supercapacitor?redirect=true',
    kbnXsrfToken: false,
  };

  $http(options).then(result => {
    $scope.resultData = result.data;
  });
});

1 Like

Thanks @tsullivan! It worked brilliantly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.