Kibana CSP configuration

Hi

I am having difficulty changing CSP configuration in kibana.yml file.
I have tried multiple ways to change like:

csp.script_src: "'self' 'unsafe-eval' 'unsafe-inline';"
csp.script_src: ['self', 'unsafe-eval', 'unsafe-inline']

But kibana fails to start without giving any error in the logs. It just get stucks on:

[2024-02-20T11:32:39.529+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui

Kibana documentation also doesn't give an example for the correct format to specify here.

Please help

csp.script_src is an array configuration (source). I tested this yaml snippet and Kibana started without issues:

csp.strict: false
csp.warnLegacyBrowsers: false
csp.script_src:
  - unsafe-inline
  - self
  - unsafe-eval

Mind that unsafe-inline has restrictions on strict and warnLegacyBrowsers values but you should see proper error messages in the Kibana logs.

Hope it helps.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.