Morning,
Currently I am facing an issue with CORs not allowing an XMLHTTPRequest from my localhost (when using a header) to my Public Internet URL for Kibana. The error message when making a call to my public URL using a this header:
const headers = new HttpHeaders({
'kbn-xsrf' : '6.5.4'
});
IS
Access to XMLHttpRequest at 'https://<URL>.drlteam.net/api/security/v1/login' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
But if I make a call without a header the message is:
HttpErrorResponse {headers: HttpHeaders, status: 400, statusText: "Bad Request", url: "https://<URL>/api/security/v1/login", ok: false, …}
error: {statusCode: 400, error: "Bad Request", message: "Request must contain a kbn-xsrf header."}
headers: HttpHeaders {normalizedNames: Map(0), lazyUpdate: null, lazyInit: ƒ}
message: "Http failure response for https://<URL>/api/security/v1/login: 400 Bad Request"
name: "HttpErrorResponse"
ok: false
status: 400
statusText: "Bad Request"
url: "https://<URL>/api/security/v1/login"
__proto__: HttpResponseBase
The settings in our elasticsearch.yml(s) are:
http.cors.enabled: true
http.cors.allow-origin: "http://localhost:4200"
http.cors.allow-credentials: true
http.cors.allow-headers: Authorization, kbn-xsrf
Not sure where to go from here. Any assistance would be great.