Embed Kibana Dashboard via IFrame / csp config

ksremo · December 7, 2021, 2:20pm

hi i want a third webserver to embed a dashboard via iframe, but default csp config denied it.
what i tried so far in the kibana.yml
xpack.security.sameSiteCookies: None
xpack.security.secureCookies: true
csp.strict: false
server.securityResponseHeaders.disableEmbedding: false
csp.rules: ["default-src *"]
#csp.rules: ["default-src https://urlthatembeds.local/"]
#server.customResponseHeaders: {"x-frame-options":"allow-from https://urlthatembeds.local/ "}
server.customResponseHeaders: {"x-frame-options":"allow-from *"}

But it seems that always "x-frame-options: SAMEORIGIN" is sent (but also the custom header)

how to allow these iframes?

azasypkin · December 16, 2021, 1:50pm

What exact error do you observe? Do you see the same behavior in different browsers (e.g. Firefox vs Chrome)?

ksremo · December 16, 2021, 2:09pm

i could solve the problem.
problem was the nginx reverse proxy in front of kibana. he adds "x-frame-options: SAMEORIGIN" header.

azasypkin · December 16, 2021, 2:13pm

Ah, nice, thanks for sharing!

system · January 13, 2022, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CSP errors when using an Kibana iframe Kibana	20	11143	October 5, 2020
Sharing Kibana Visualization Search as Iframe and running into Issues on Google Chrome Kibana	3	277	December 13, 2022
Embed Kibana (v5.2) Visualization in iFrame X-Frame-Options Kibana	2	5539	September 1, 2017
Kibana in iFrame Cross-Origin Kibana	4	1724	January 10, 2017
Content-Security-Policy for embedded kibana dashboards Kibana	3	415	July 15, 2022

Embed Kibana Dashboard via IFrame / csp config

Related topics