Can't embed instagram post on custom plugin visualization

I am creating a kibana plugin that embeds an instagram post and receiving this error:

C:\Users\User\Documents\Projects\kibana\plugins\kbn_tp_custom_visualizations\node_modules\react-instagram-embed\lib\index.js:135 Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-CqL6nSDD5P//hIcm'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I am aware that i need to add a csp rule to the kibana.yml file, i have tried the following:


Welcome to our community!

Let me see if @Larry_Gregory can help out with this.


1 Like

Hi Jessica,

I think you may have had trouble because Kibana needs the script-src directive to have both 'unsafe-eval' and 'self'.

Try adding this to your kibana.yml file:

 - "script-src 'unsafe-eval' 'self'"

Note, the rule uses the "HTTPS" version of that URL, which is highly recommended. You should update your plugin to use that as well.

Hope that helps,


Thank you, it is working now!

I have also figured out that the lib that i am using react-instagram-embed makes requests on both HTTP's and HTTPS's version of that url, that was confusing me too.




This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.