Hi, I need to login Kibana via my application ("http://localhost:3000"). I post login data to "http://localhost:5601/internal/security/login" by ajax, but "Access-Control-Allow-Origin" header not show in the response
$.ajax({
url: "http://localhost:5601/internal/security/login",
method: "POST",
dataType: "json",
headers: {
"Content-Type": "application/json",
"kbn-version": "7.12.0",
"kbn-xsrf": "7.12.0",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
"Access-Control-Allow-Methods": "*",
"Access-Control-Allow-Headers": "*"
},
data: {
params: {username: "admin", password: "admin"},
provideName: "basic",
provideType: "basic",
}
});
-kibana.yml
server.cors.enabled: true
server.cors.allowCredentials: true
server.cors.allowOrigin: ["http://localhost:3000"]
-elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: kbn-version,kbn-xsrf,Origin,X-Requested-With,Content-Type,Accept,Engaged-Auth-Token,Content-Length,Authorization
Response to OPTIONS request (kibana -> client)
HTTP/1.1 200 OK
cache-control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
content-length: 54
content-type: application/json; charset=utf-8
Date: Wed, 13 Jul 2022 16:52:45 GMT
kbn-license-sig:...
kbn-name: kibana
Keep-Alive: timeout=120
Why server.cors.allowOrigin setting not work?
Thank you.