Embed dashboard/visualization doesn't work if 3rd party cookie site data is blocked

liujinmarshall · December 12, 2018, 1:50am

We're deploying 6.3.2 with docker deployment. Some of our users reported that if they have blocked third party cookie and site data, all the dashboard/visualization embedded in other HTML would show such error message:

Version: 6.3.2
Build: 17307
Error: Uncaught SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document. (http://*******/bundles/commons.bundle.js:3)
at window.onerror (http://*********o/bundles/commons.bundle.js:3:778155)

The only configs (via environment variables) are:

    - name: ELASTICSEARCH_URL
      value: http://xxxxxxxxxxxxx:9200
    - name: XPACK_MONITORING_UI_ENABLED
      value: "true"

And there's a similar issue reported 18 months ago but doesn't get a response.

Is there any workaround?

Brandon_Kobel · December 12, 2018, 9:04pm

Would you mind clarifying what you mean by this?

liujinmarshall · December 13, 2018, 12:10am

Hi,

I mean I embed a dashboard or a visualization from Kibana in other site within a <iframe src="<kibana_dashboard_iframe_url_from_sharing">

Brandon_Kobel · December 13, 2018, 12:42am

Gotcha. The disable third-party cookies settings is restricting the access to read/write to sessionStorage as well when Kibana is hosted in an iframe. I'd recommend opening up an Issue in our GitHub to request the ability to use Kibana in this context, as there are quite a few things that rely on this ability currently, and there isn't a graceful fallback.

system · January 10, 2019, 12:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.