I'm using kibana 7.6.2 version and I tried to execute a cross-site domain access to Kibana bypassing login page.
After I launched http post call to Kibana login endpoint, attaching username and password,
I obtain a warning in Cookie section.
If I moved the mouse pointer to (i) of SameSite column, I get the following message back:
This Set-Cookie didn't specify a "SameSite" attributed and was defaulted to "SameSite=Lax" and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie had to have been set with "SameSite=None" to enable cross-site usage.
it seems that in version 7.6.2 the SameSite
setting to None
is not enabled, but in the http_tools.js
there is a boolean variable isSameSite
which by default is set to false
.
How can I fix this bug?