We’re currently working on embedding Kibana dashboards (hosted on Elastic Cloud) into our internal company portal via an iframe, and we’re running into a couple of key challenges:
CORS issues:
Kibana and our portal are hosted on different domains, and browser CORS policies are blocking XHR/fetch calls within the embedded iframe. I’ve seen discussions about updating the kibana.yml
file, but I believe we don't have that flexibility since we're using Elastic Cloud.
Is there any way to configure settings like xpack.security.sameSiteCookies
, basePath
, etc., in a cloud-hosted Kibana environment?
Iframe Styling Limitations:
Due to the Same-Origin Policy, we’re unable to style or modify the Kibana iframe (e.g., apply branding or CSS changes).
- Are there any Elastic-supported options to customize the embedded Kibana UI?
- Is using a reverse proxy a viable solution in Elastic Cloud?
When testing locally, it seemed like we would need to reverse proxy all requests Kibana makes, which may be complex.
Any guidance on best practices for securely embedding Kibana with support for custom branding would be greatly appreciated.