Hi, I want a third web server to embed a dashboard via iframe, but the default CSP config denied it.
What I have tried so far in kibana.yml:
```yaml
xpack.security.sameSiteCookies: None
xpack.security.secureCookies: true
csp.strict: false
server.securityResponseHeaders.disableEmbedding: false
csp.rules: ["default-src *"]
#csp.rules: ["default-src https://urlthatembeds.local/"]
#server.customResponseHeaders: {"x-frame-options":"allow-from https://urlthatembeds.local/ "}
server.customResponseHeaders: {"x-frame-options":"allow-from *"}
```
But it seems that "x-frame-options: SAMEORIGIN" is always sent (but also the custom header).
How do I allow these iframes?
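
How a browser weighs the response headers named in the question, as an added example that is not part of the original post: a simplified Python model of the framing check (CSP `frame-ancestors` first, otherwise X-Frame-Options following the HTML Standard's processing). The Kibana URL and both header sets are constructed, and `may_embed` and its helpers are hypothetical names.

```python
from urllib.parse import urlsplit

def origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def frame_ancestors(policy):
    """Source list of the frame-ancestors directive in one policy, else None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [s.lower() for s in parts[1:]]
    return None  # default-src is not a fallback for frame-ancestors

def source_matches(source, embedder, page):
    # Simplified: handles 'self', *, scheme-only ("https:") and exact origins.
    if source == "'self'":
        return embedder == page
    if source == "*":
        return True
    if source.endswith(":"):
        return embedder.startswith(source + "//")
    return origin(source) == embedder

def may_embed(headers, embedder_url, page_url):
    """Return (allowed, reason) for embedder_url framing page_url."""
    embedder, page = origin(embedder_url), origin(page_url)
    lists = [fa for n, v in headers if n.lower() == "content-security-policy"
             for pol in v.split(",") if (fa := frame_ancestors(pol)) is not None]
    if lists:  # frame-ancestors present: X-Frame-Options is not consulted
        ok = all(any(source_matches(s, embedder, page) for s in fa) for fa in lists)
        return ok, "decided by CSP frame-ancestors"
    xfo = {t.strip().lower() for n, v in headers if n.lower() == "x-frame-options"
           for t in v.split(",") if t.strip()}
    if len(xfo) > 1:  # several distinct values: any recognised one blocks
        blocked = bool(xfo & {"deny", "sameorigin", "allowall"})
        return not blocked, "multiple X-Frame-Options values"
    if xfo == {"deny"}:
        return False, "X-Frame-Options: DENY"
    if xfo == {"sameorigin"}:  # simplified: only the direct embedder is checked
        return embedder == page, "X-Frame-Options: SAMEORIGIN"
    return True, "no recognised restriction (ALLOW-FROM is not honoured)"

# Constructed sample data: header sets modelled on the post, not captured traffic.
KIBANA = "https://kibana.example:5601/app/dashboards"
EMBEDDER = "https://urlthatembeds.local/"
AS_POSTED = [("Content-Security-Policy", "default-src *"),
             ("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "allow-from *")]
WITH_ANCESTORS = [("Content-Security-Policy",
                   "default-src 'self'; frame-ancestors 'self' https://urlthatembeds.local"),
                  ("X-Frame-Options", "SAMEORIGIN")]
```

With `AS_POSTED` the embed is refused because `default-src *` says nothing about who may frame the page and the two X-Frame-Options values conflict; with `WITH_ANCESTORS` only the listed origin is allowed.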