Elasticcloud-Kibana, iframe auto authentication CORS

Hello, I am trying to get Kibana chart to appear inside an iframe of my web app. The browser attempt a CORS request to get cookie before the iframe:
POST to:
[kibana-host]/api/security/v1/login , with kbn-version in header and body:
{ username : user , password: pass },
However, the preflight CORS request failed with error:
OPTIONS request with code 404.
Response for preflight does not have HTTP ok status.

I tried these settings:
server.cors : true
server.cors : "origin : ['']"
server.cors.origin : "

in kibana.yml , is there an option to allow CORS for specific domain, for Kibana on ealsticcloud?

It does not look like nginx reverse proxy is an option, or does it?


1 Like

Hey @betatester, are you trying to always authenticate as the same user, because if that's the case than an nginx reverse-proxy that supplies the basic authentication headers is your best bet.

Unfortunately, Kibana's current login endpoints aren't configured to allow CORS requests to log the user in, so if you're looking to dynamically log users in, creating a Kibana plugin is your best bet, but it's a significantly higher amount of effort.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.