It throws Uncaught SecurityError: Blocked a frame with origin "######" from accessing a cross-origin frame. (######/bundles/kibana.bundle.js?v=10229:75283)
Kibana version - 4.6
What I have tried till now:
Enabling server.cors: true in kibana.yml
This does not help. If I try to make a XHR call, then I see the required headers in the response. But when I put those document contents inside the iframe, only the loading page appears and the css and other js are pointed to local paths. Nothing loads.
Ya I have tried that, but as mentioned is the same thread, that is not the reason. And also I am already getting the headers. Problem lies somewhere else.
The user in the other topic looks like they had stability problems with their Kibana instance, but they never followed up with providing any error logs from Kibana.
Are you also seeing your Kibana instance go to red status when you use server.cors.origin: ['*']?
I checked more with my team and found out that changing server.cors.origin in production mode is not supported in Kibana. It's allowed as an option just in Dev mode as it is necessary for running unit tests.
This means that you will not be able to call Kibana API's from AJAX in a browser application. Since it's CORS, you would have the option of calling the APIs in server-based application though.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.