CSP in Kibana

Hello to all of the elastic team.

I'm trying create a space with the C# code below. The http response suggests that CSP rules are blocking my request

    private void testCreateSpace()
        string spaceJson = "{\"id\": \"alder_id\",\"name\": \"Alder\",\"description\" : \"Teste de criação de space Alder\"}";

        using (var wb = new WebClient())
            wb.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36");
            wb.Headers.Add("password", "passtest");
            var response = wb.UploadString("http://win-5jrakspu4gn:5601/api/spaces/space", "POST", spaceJson);


I tried the settings on kibana.yml but not successful, the blocking continues

csp.strict: false

Version Kibana 7.8.1
Version Elastic 7.8.1


Can you show the exact error you are running into? In general, CSP rules are enforced on the client, so you should be able to resolve this in your C# code.

Thanks for the quick reply
The response is very long, follow just end of it.

<div class="kbnWelcomeText" data-error-message="Elastic did not load properly. Check the server output for more information.">Loading Elastic</div><div class="kbnProgress"></div></div></div><div class="kbnWelcomeView" id="kbn_legacy_browser_error" style="display:none"><svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" 


 Z"></path></g></svg><h2 class="kbnWelcomeTitle">Please upgrade your browser</h2><div class="kbnWelcomeText">This Elastic installation has strict security requirements enabled that your current browser does not meet.</div></div><script>
            // Since this is an unsafe inline script, this code will not run
            // in browsers that support content security policy(CSP). This is
            // intentional as we check for the existence of __kbnCspNotEnforced__ in
            // bootstrap.
            window.__kbnCspNotEnforced__ = true;
          </script><script src="/bundles/app/core/bootstrap.js"></script></body></html>

I found the error, the kbn-xsrf header was not set.
Authentication was enabled and masked the principal error
Thanks for the answers, helped me to solve the problem

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.