CORS error when attempting to access Kibana/ElasticSearch URL

Hello,

I'm dealing with an issue in which i'm trying to make a call to my Kibana URL from my localhost and it's being blocked. The error is

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My settings in my ElasticSearch nodes are:

http.cors.enabled: true
http.cors.allow-origin: "http://localhost:4200"
http.cors.allow-credentials: true
http.cors.allow-headers: "Authorization, kbn-xsrf, Content-Type, Content-Length, X-Requested-With"

And in my Kibana instance:

server.cors: true
server.cors.origin: "*"

The code that I am attempting to pass through is:

const headers = new HttpHeaders({
       'Content-Type': 'application/json',
       'kbn-xsrf': '6.5.4' });
    const options = { headers: headers };

    this.http.post(
      'https://investc-policydashboard.drlteam.net/api/security/v1/login',
      { username: 'user', password: 'password' },
      options
    ).map(res => res).subscribe(() => console.log('Sent request to Kibana to log in.'));

It may be important to note that i'm configuring this on Linux Centos and the Kibana instance and my 3 ElasticSearch instances have separate nodes.. equaling to 4 virtual machines. They are behind a proxy which to be specific is the Azure Application Gateway.

Any help would be appreciated. Thank you

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.