Elastic ITSM Connector shows CORS error

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1

Hello Folks,

I have tried to configured Elastic ITSM connector in Kb instance, i get CORS error when i try to create a new connection or add a connection to a rule. When I disabled CORS on browser level , I was able to create the connection but when i try to test the connection i am getting a response in the browser's network tab but the values in the drop down such as (Urgency , Severity , Impact, Category) are not populating in the browser and are hidden.
Please note that i have followed the steps in below documentation to install Elastic ITSM on the SNOW instance. ServiceNow ITSM connector and action | Kibana Guide [7.16] | Elastic
I have tried to add a header Access-Control-Allow-Origin on the SNOW server.

Below is my config for kibana :

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 7.16.3
  http:
    tls:
      selfSignedCertificate:
        disabled: true
    service:
      spec:
        type: LoadBalancer
  count: 4
  elasticsearchRef:
    name: elasticsearch
  config:
     server:
      maxPayloadBytes: 4294967296
      cors.enabled: true
      cors.allowOrigin: ["https://domain"]
      cors.allowCredentials: true
      customResponseHeaders:
         Access-Control-Allow-Origin: "https://domain"

Below is the screen shots of the issue.

image
image1920×1461 104 KB

image
image1920×1334 100 KB

I am hopeful there is some settings that i have to configure in order to have this working. Any guidance is very appreciated.

2

I have upgraded ES , KB to 7.17.0 the error now is 500 Internal Server Error.


> General

Request URL: https://domain/api/actions/connector/dca18eb0-7fbb-11ec-b063-513931ce911a/_execute
Request Method: POST
Status Code: 500 Internal Server Error
Remote Address: xx.xxx.xx.xx:443
Referrer Policy: no-referrer-when-downgrade

> Response Headers


HTTP/1.1 500 Internal Server Error
Date: Tue, 08 Feb 2022 12:55:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 97
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
kbn-name: kibana
kbn-license-sig: 
cache-control: private, no-cache, no-store, must-revalidate

> Request Headers

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 123
Content-Type: application/json
Cookie: sid=
Host: domain
kbn-version: 7.17.0
Origin: https://domain
Referer: https://domain/app/management/insightsAndAlerting/triggersActions/connectors
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-GPC: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36

image
image932×427 20.8 KB

3

My Guess is it is blocked at the browser due to Content Security Policy blocks inline execution of scripts and stylesheets.

If anyone can confirm that and provide an alternative solution or a way around, it would be really helpful and deeply appreciated.

I have notices there is an open issue for the CSP error in kibana.