Csp error for custom kibana login page

heeyy i am using a custom plugin for my kibana that changes the login page to give a custom look but i am getting an errror relating to csp

Hi @Karan_Lobo,

Welcome to the community! Which version of Kibana are you using?

I've not created a plugin myself, but looking at this similar issue it might be either a path issue, a conflicting id or a cache issue. Can you try the steps in that thread and see if that solves your issue?

Let us know how it goes!

Hi thanks for the reply and ii am sorry for not specifying my project.
I was following this custom kibana theme plugin on kibana 8.10.2
GitHub - lizozom/custom-kibana-theme: Customize Kibana's appearance (logos, icons, texts and more)
After following all the steps and deploying kibana i was getting the csp error saying that i had to allow inline csp headers . I also read a thread saying to fix this issue i had to go to src/scripts/index.ts file and use the hash code generated to add :
export const DEFAULT_CSP_RULES = Object.freeze([ script-src 'unsafe-eval' 'self' 'sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE=']); in it , however i could not find index.ts file in kibana 8.10.2

Thanks for confirming @Karan_Lobo. That looks to be a community maintained plugin that hasn't been updated since January. I see from the the commits that changes to make it compatible for v8.3, but it could be that perhaps more recent compatible changes haven't been applied.

I'm not sure which thread you're looking at, but I did find this one that refers to changing kibana/src/server/csp/index.ts. In 8.10 I see the equivalent exposed types are included in src/core/server/index.ts so perhaps you could try including the constant there?

If not I would recommend raising an issue against the plugin repository itself.

Hope that helps!

yeah sorry but it still did not work , is it even possible to change the login page in the free version of kibana 8.10.2 on windows without the custom branding feature??

The custom branding feature is a licensed feature, so not available on the free tier sadly. Th change the theme on free version you would need to use a plugin, either the one you found if compatible or building your own.

Have you tried raising an issue on the repo or reaching out to the contributors to see if they can help?

hey sorry for the late response but i tried some things and i added the csp path in my kibana.yaml file
style_src: [............]
font_src: [.............]
script_src: ["'unsafe-eval'", "'self'", "'sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='"]

- ....................(no links can be shared)

The thing is the csp error went away and now i am stuck with this error :

plss help

Hi @Karan_Lobo,

Which browser are you using? Can you check the console in the browser developer tools to get the precise error?

Depending on the precise error and the browsers you need to support you may need to configure your CSP settings as per the documentation and this StackOverflow thread.

hey @carly.richmond thank you so much for all the help so far, i did find a way to go about the issue unfortunately, the cons far outweigh the pros. I am regretfully canning the project , and thanks again for the support.

Sorry to hear @Karan_Lobo. If you found some useful resources for the approach do feel free to share them for others in case they would be useful.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.