Kibana CSP configuration

ishank · February 20, 2024, 11:40am

Hi

I am having difficulty changing CSP configuration in kibana.yml file.
I have tried multiple ways to change like:

csp.script_src: "'self' 'unsafe-eval' 'unsafe-inline';"
csp.script_src: ['self', 'unsafe-eval', 'unsafe-inline']

But kibana fails to start without giving any error in the logs. It just get stucks on:

[2024-02-20T11:32:39.529+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui

Kibana documentation also doesn't give an example for the correct format to specify here.

Please help

jsanz · March 8, 2024, 1:10pm

csp.script_src is an array configuration (source). I tested this yaml snippet and Kibana started without issues:

csp.strict: false
csp.warnLegacyBrowsers: false
csp.script_src:
  - unsafe-inline
  - self
  - unsafe-eval

Mind that unsafe-inline has restrictions on strict and warnLegacyBrowsers values but you should see proper error messages in the Kibana logs.

Hope it helps.

system · April 5, 2024, 1:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to configure csp.rules for kibana on docker Kibana docker	3	2987	August 26, 2020
Kibana URL Page : Refused to execute inline script because it violates the following Content Security Policy directive Kibana	1	57	July 22, 2024
Csp error for custom kibana login page Kibana	10	300	February 2, 2024
CSP warning toast displays in latest browsers Kibana	3	1077	June 26, 2020
Problem in integrating external script in Kibana Plugin Kibana	2	1377	February 6, 2020