Kibana CSP configuration

ishank · February 20, 2024, 11:40am

Hi

I am having difficulty changing CSP configuration in kibana.yml file.
I have tried multiple ways to change like:

csp.script_src: "'self' 'unsafe-eval' 'unsafe-inline';"
csp.script_src: ['self', 'unsafe-eval', 'unsafe-inline']

But kibana fails to start without giving any error in the logs. It just get stucks on:

[2024-02-20T11:32:39.529+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui

Kibana documentation also doesn't give an example for the correct format to specify here.

Please help

jsanz · March 8, 2024, 1:10pm

csp.script_src is an array configuration (source). I tested this yaml snippet and Kibana started without issues:

csp.strict: false
csp.warnLegacyBrowsers: false
csp.script_src:
  - unsafe-inline
  - self
  - unsafe-eval

Mind that unsafe-inline has restrictions on strict and warnLegacyBrowsers values but you should see proper error messages in the Kibana logs.

Hope it helps.

Topic		Replies	Views
How to configure csp.rules for kibana on docker Kibana docker	3	3136	August 26, 2020
Does Kibana need the autorisation of 'unsafe-inline' or 'unsafe-eval' to work properly Kibana	3	2437	June 25, 2020
Csp configuration Kibana elastic-stack-security	6	1852	October 18, 2019
CSP blocking Kibana Kibana	4	1873	August 18, 2022
Kibana URL Page : Refused to execute inline script because it violates the following Content Security Policy directive Kibana	1	417	July 22, 2024