Embed Kibana Dashboard via IFrame / csp config

ksremo · December 7, 2021, 2:20pm

hi i want a third webserver to embed a dashboard via iframe, but default csp config denied it.
what i tried so far in the kibana.yml
xpack.security.sameSiteCookies: None
xpack.security.secureCookies: true
csp.strict: false
server.securityResponseHeaders.disableEmbedding: false
csp.rules: ["default-src *"]
#csp.rules: ["default-src https://urlthatembeds.local/"]
#server.customResponseHeaders: {"x-frame-options":"allow-from https://urlthatembeds.local/ "}
server.customResponseHeaders: {"x-frame-options":"allow-from *"}

But it seems that always "x-frame-options: SAMEORIGIN" is sent (but also the custom header)

how to allow these iframes?

azasypkin · December 16, 2021, 1:50pm

What exact error do you observe? Do you see the same behavior in different browsers (e.g. Firefox vs Chrome)?

ksremo · December 16, 2021, 2:09pm

i could solve the problem.
problem was the nginx reverse proxy in front of kibana. he adds "x-frame-options: SAMEORIGIN" header.

azasypkin · December 16, 2021, 2:13pm

Ah, nice, thanks for sharing!

system · January 13, 2022, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CSP errors when using an Kibana iframe Kibana	20	11081	October 5, 2020
Sharing Kibana Visualization Search as Iframe and running into Issues on Google Chrome Kibana	3	272	December 13, 2022
Embed Kibana (v5.2) Visualization in iFrame X-Frame-Options Kibana	2	5537	September 1, 2017
Content-Security-Policy for embedded kibana dashboards Kibana	3	414	July 15, 2022
Kibana Iframe Share Issue with Xframe and SameSite Cookie Kibana	5	706	February 11, 2023

Embed Kibana Dashboard via IFrame / csp config

Related Topics