How to enable CORS in Kibana server


I am using Kibana dashboards as iframes under a web application. The problem is that the Kibana server is authenticated by SSO and there is no guarantee that the user's browser session is having a valid active session.
I need to make an http or XHR call to Kibana server internal to check if session is valid and redirect the user to login to Kibana if its invalid.
The problem is that I am getting CORS error and I am looking for enabling it. Could someone please help how to resolve this?

Hi @Prakash_Gupta,

I assume that the other authentication options for embedding dashboards as covered in the docs are not what you're looking for?

If you need to go down the CORS route, have you had a look at the server.cors related settings for Kibana in the documentation to see if these are what you need?

Thanks Carly. I tried these steps around 6 months ago on some 7.X version and it wasn't working but I tried again yesterday on Kibana 8.10 version with setting server.cors.enabled: true in kibana.yml and it worked.
Right now I have just tried on my local server and I am going make this change in production where the Kibana server is authenticated under SSO. I hope that shouldn't create any problem to make it work.

I see that these features are in preview, so I wonder if they weren't available when you last tried.

I haven't used these settings with SSO, so I would recommend trying a pre-production environment with SSO to validate first if you can.

Unfortunately, it didn't work on production server.
let currentUrl = new URL("[https://<kibana_server_url>]"); const xhr = new XMLHttpRequest();"GET", currentUrl.href, true ); xhr.send();
Access to XMLHttpRequest at ' <kibana_server_url> ' from origin ' http://localhost:8080 ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I think why its working locally because my server is just http. It might need something else to work on https.
I will try to my local as https and see if it works.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.