FATAL Error: [config validation of [server].cors]: expected value of type [boolean] but got [Object]

After updating the ELK from version 7.6.1 to 7.9.2, the kibana does not start, presenting the errors:

kibana: FATAL Error: [config validation of [server].cors]: expected value of type [boolean] but got [Object]

{"type":"log","@timestamp":"2020-11-06T13:21:59Z","tags":["warning","legacy-plugins"],"pid":890,"path":"/usr/share/kibana/src/legacy/core_plugins/console","message":"Skipping non-plugin directory at /usr/share/kibana/src/legacy/core_plugins/console"}

Configuration of the elasticsearch.yml file:

http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: kbn-version,kbn-xsrf,Origin,X-Requested-With,Content-Type,Accept,Engaged-Auth-Token,Content-Length,Authorization

Kibana.yml configuration:

server.cors: true
server.cors.origin: ["*"]
server.cors.additionalHeaders: ["kbn-version","kbn-xsrf","cookie","Origin","X-Requested-With","Content-Type","Accept","Engaged-Auth-Token","Content-Length","Authorization"]
server.cors.credentials: true

Http_tools.js file configuration:

cors: { additionalHeaders: ['kbn-version','kbn-xsrf','cookie'], origin: ['*'], credentials: true },

Note: I have a dashboard embedded in a web application, in the previous version it worked normally, I'm skipping the kibana login, as it is different from the application login.

Can anyone help me?

1 Like

Only server.cors (boolean) is a valid Kibana configuration option in 7.9.

server.cors.origin server.cors.additionalHeaders are not (but were also not in 7.6 if I'm not mistaking)

We are an open issue to improve our CORS support that is planned for the 7.11 release: https://github.com/elastic/kibana/issues/16714

BTW what do you mean by Http_tools.js file configuration? Did you manually edit the src/core/server/http/http_tools.ts file?

1 Like

@Pierre_Gayvallet, Thanks for the quick response.

Okay, if I leave only the option server.cors: true, kibana opens the login screen, but I need to skip this screen and for that, I use server.cors.origin server.cors.additionalHeaders, if I leave these settings, it presents the mentioned error, is there any other way to configure?

"BTW, what do you mean by setting the Http_tools.js file? Did you manually edit the src / core / server / http / http_tools.ts file?"

  • Yes, changing only the configuration in the kibana and elasticsearch files did not skip the login, changing this file, it worked in version 7.6.
1 Like

Not sure why you are encountering a difference of behavior between 7.6 and 7.9, given the info you provided:

  • Just checked to be sure, but server.cors.origin and server.cors.additionalHeaders are not valid config options on 7.6 either. Setting either of those in the Kibana config file would throw the same validation error on 7.6 than the one you encountered on 7.9

  • src/core/server/http/http_tools.ts did not change much between the two versions, at least the HAPI configuration conversion is the same. Manually editing the cors config for the HAPI server should behave the same on 7.6 and 7.9

1 Like

Ok, at the end of the release (https://github.com/elastic/kibana/issues/16714) there is a report similar to mine:

Do you have any predictions for version 7.11?

https://github.com/elastic/kibana/pull/84316 will land in 7.11. Once it's done, the new server.cors options will be:

server.cors.enabled Set to true to allow cross-origin API calls. Default: false

server.cors.credentials Set to true to allow browser code to access response body whenever request performed with user credentials. Default: false

server.cors.origin List of origins permitted to access resources. You must specify server.cors.origin when server.cors.credentials: true. Default: "*"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.