Kibana 7.12.0 server.cors setting seems not work

Hi, I need to login Kibana via my application ("http://localhost:3000"). I post login data to "http://localhost:5601/internal/security/login" by ajax, but "Access-Control-Allow-Origin" header not show in the response

  url: "http://localhost:5601/internal/security/login",
  method: "POST",
  dataType: "json",
  headers: {
    "Content-Type": "application/json",
    "kbn-version": "7.12.0",
    "kbn-xsrf": "7.12.0",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": true,
    "Access-Control-Allow-Methods": "*",
    "Access-Control-Allow-Headers": "*"
  data: {
    params: {username: "admin", password: "admin"},
    provideName: "basic",
    provideType: "basic",


server.cors.enabled: true
server.cors.allowCredentials: true
server.cors.allowOrigin: ["http://localhost:3000"]


http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: kbn-version,kbn-xsrf,Origin,X-Requested-With,Content-Type,Accept,Engaged-Auth-Token,Content-Length,Authorization

Response to OPTIONS request (kibana -> client)

HTTP/1.1 200 OK
cache-control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
content-length: 54
content-type: application/json; charset=utf-8
Date: Wed, 13 Jul 2022 16:52:45 GMT
kbn-name: kibana
Keep-Alive: timeout=120

Why server.cors.allowOrigin setting not work?
Thank you.

Hi Terry,

I don't know much about cors but found this which might help;

Please let us know if you find your solution so others can learn as well.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.