Elastic ITSM Connector shows CORS error

Hello Folks,

I have tried to configured Elastic ITSM connector in Kb instance, i get CORS error when i try to create a new connection or add a connection to a rule. When I disabled CORS on browser level , I was able to create the connection but when i try to test the connection i am getting a response in the browser's network tab but the values in the drop down such as (Urgency , Severity , Impact, Category) are not populating in the browser and are hidden.
Please note that i have followed the steps in below documentation to install Elastic ITSM on the SNOW instance. ServiceNow ITSM connector and action | Kibana Guide [7.16] | Elastic
I have tried to add a header Access-Control-Allow-Origin on the SNOW server.

Below is my config for kibana :

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
  name: kibana
  version: 7.16.3
        disabled: true
        type: LoadBalancer
  count: 4
    name: elasticsearch
      maxPayloadBytes: 4294967296
      cors.enabled: true
      cors.allowOrigin: ["https://domain"]
      cors.allowCredentials: true
         Access-Control-Allow-Origin: "https://domain"

Below is the screen shots of the issue.

I am hopeful there is some settings that i have to configure in order to have this working. Any guidance is very appreciated.

I have upgraded ES , KB to 7.17.0 the error now is 500 Internal Server Error.

> General
Request URL: https://domain/api/actions/connector/dca18eb0-7fbb-11ec-b063-513931ce911a/_execute
Request Method: POST
Status Code: 500 Internal Server Error
Remote Address: xx.xxx.xx.xx:443
Referrer Policy: no-referrer-when-downgrade
> Response Headers

HTTP/1.1 500 Internal Server Error
Date: Tue, 08 Feb 2022 12:55:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 97
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
kbn-name: kibana
cache-control: private, no-cache, no-store, must-revalidate
> Request Headers
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 123
Content-Type: application/json
Cookie: sid=
Host: domain
kbn-version: 7.17.0
Origin: https://domain
Referer: https://domain/app/management/insightsAndAlerting/triggersActions/connectors
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-GPC: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36

My Guess is it is blocked at the browser due to Content Security Policy blocks inline execution of scripts and stylesheets.

If anyone can confirm that and provide an alternative solution or a way around, it would be really helpful and deeply appreciated.

I have notices there is an open issue for the CSP error in kibana.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.