Is api/security/login still in Kibana 8.10.2?

I'm trying to embed an iframe in a page of mine and I was getting CORS errors while doing a login request on /api/security/login so that the user doesn't have to log in multiple times. I think I worked through most of them, however the preflight options request gets a 404 response with a message "It does not have HTTP ok status."

This message is pretty cryptic to me so I'm assuming that maybe /api/security/login was changed somehow? The 404 tells me it can't find something...


    const headerObj = {};
    headerObj['kbn-xsrf'] = 'true';
    headerObj['Content-Type'] = 'application/json'`http://redacted:5601/api/security/login`, {username: 'redacted', password: 'redacted'},
      {headers: headerObj}).then((res) => {



  kibana.yml: |- kibana ""
    elasticsearch.hosts: [ "https://elasticsearch:9200" ]
    elasticsearch.username: kibana
    elasticsearch.password: redacted
    elasticsearch.ssl.verificationMode: none

    server.cors.enabled: true
    server.cors.allowCredentials: true
    server.cors.allowOrigin: ["http://localhost:3000"]
    server.customResponseHeaders: {"Access-Control-Allow-Origin": "http://localhost:3000", "Access-Control-Allow-Credentials": "true" }

I figured it out, kinda. I used a different route: internal/security/login. I'm sure it's not the right one, but it works.

    headerObj['kbn-xsrf'] = 'true';
    headerObj['Content-Type'] = 'application/json'`http://redacted:5601/internal/security/login`, loginPayload,
      {headers: headerObj}).then((res) => {

    }).catch(err => {


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.