Can't embed instagram post on custom plugin visualization

Jessica_Langanz · March 18, 2020, 7:45pm

I am creating a kibana plugin that embeds an instagram post and receiving this error:

C:\Users\User\Documents\Projects\kibana\plugins\kbn_tp_custom_visualizations\node_modules\react-instagram-embed\lib\index.js:135 Refused to load the script 'http://platform.instagram.com/en_US/embeds.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-CqL6nSDD5P//hIcm'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I am aware that i need to add a csp rule to the kibana.yml file, i have tried the following:

"script-src 'unsafe-eval' http://platform.instagram.com/en_US/embeds.js"
"script-src 'self' http://platform.instagram.com/en_US/embeds.js"
"script-src http://platform.instagram.com/en_US/embeds.js"

LizaD · March 18, 2020, 8:40pm

@Jessica_Langanz,

Welcome to our community!

Let me see if @Larry_Gregory can help out with this.

Thanks,
Liza

jportner · March 19, 2020, 7:12pm

Hi Jessica,

I think you may have had trouble because Kibana needs the script-src directive to have both 'unsafe-eval' and 'self'.

Try adding this to your kibana.yml file:

csp.rules:
 - "script-src 'unsafe-eval' 'self' https://platform.instagram.com/en_US/embeds.js"

Note, the rule uses the "HTTPS" version of that URL, which is highly recommended. You should update your plugin to use that as well.

Hope that helps,
-Joe

Jessica_Langanz · March 19, 2020, 7:30pm

Thank you, it is working now!

I have also figured out that the lib that i am using react-instagram-embed makes requests on both HTTP's and HTTPS's version of that url, that was confusing me too.

TY

-Jess

system · April 16, 2020, 7:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.