Iframe Embed Cross Origin Security Exception

Have you tried using the suggestions in this topic? Kibana iFrame CORS

Basically, use server.cors.origin: ['*'] instead of the boolean.

It's not clear what your code section in part 1 is in reference to. Are you trying to access Kibana's elements in the iframe in your own Javascript?