CSP blocking Kibana

Kibana now has experimental support for a more restrictive Content Security Policy(CSP).

Hi, how can I disable it? Since update to 8.3 I have problems with view Kibana because of CSP blocking content in new Chrome. Please help ASAP.

There is nginx reverse proxy behind, however even direct Kibana testing didn't work because of this new CSP.

Elastic did not load properly. Check the server output for more information.

If I try remove this CSP on reverse proxy then got error from Kibana:

Please upgrade your browser
This Elastic installation has strict security requirements enabled that your current browser does not meet.

Your error doesn't appear to be related to the CSP. The CSP error you see in the console is expected, and it's unrelated to the experimental support that shipped in 8.3 (which is disabled by default).

As for the other error you're seeing, ERR_INCOMPLETE_CHUNKED_ENCODING could be the result of a problem in NGINX, antivirus software, or something else external to Kibana: php - Chrome net::ERR_INCOMPLETE_CHUNKED_ENCODING error - Stack Overflow

But problem exist for other people too, even when direct connect to Kibana - without Nginx between.

On 8.2 it works, on 8.3 didn't :frowning:

EDIT:
After testing, I have same CSP errors on older versions and everything work correct. Just because of unknow reasons after update to 8.3 kibana stoped working. System services works fine, no error. I can direct connect to ES and it work ok.

After system restart it works, weird.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.