Kibana iFrame CORS


(Elijah Wilkes) #1

I would like for elements in Kibana, on my app, to be links. My thought was to make them links using JQuery once the iframe is finished loading. This creates a CORS error. Is there any sort of config to allow Cross Origin Resource Sharing in the Kibana iframe that is copied from the 'share vsualization' embed field?


Iframe Embed Cross Origin Security Exception
Elasticcloud-Kibana, iframe auto authentication CORS
(Joe Fleming) #2

You can add server.cors values to you kibana.yml file, which we pass directly to the server. See the source here

I believe the Hapi docs that explain how to use this are right here (scorll down a bit).


(cuneyt) #3

Hi Joe. I know this is a bit old topic but it's the exact question I would ask anyway and the answer is a bit incomplete. Hapi docs don't explain anything. At least I couldn't make it work. How to set an object to a kibana setting?

How do you add the allow-origin to this feature please? In kibana.yml I add

server.cors : true

Then I can see cors headers are added but I cannot add allow-origin values. I have tried

server.cors : "origin : ['*']"
server.cors.origin : "*" 

etc. but no luck. Does anyone know how to do this?


(Joe Fleming) #4

From the Hapi docs:

CORS headers are disabled by default. To enable, set cors to true, or to an object with the following options: ...

So either of these should work:

Setting cors to true

server.cors: true

Setting origin to star

server.cors.origin: "*"

You've tried both, so I'm not sure why it wouldn't work. What's the issue you're having? And what header values do you see?


(cuneyt) #5

It does enable CORS. I can see headers but it only allows to itself which is practically no CORS.

So it enables requests from Kibana port 5601 as seen in pic. But I need to do it from a NodeJs app served from different port (Let's say 3000)

But I've found a way to do it using NGINX. I just need to open another port to be the reverse proxy for Kibana. Then I can set origin to what I want. But I couldn't make Hapi way to work.


(Joe Fleming) #6

What do the headers look like if you use server.cors.origin: "*" (and remove server.cors: true)?


(cuneyt) #7

If I add server.cors.origin: "*" (with or without server.cors : true) Kibana fails to restart. It doesn't seem to be a valid usage in yml file.

When I "systemctl status kibana":

Process: 2986 ExecStart=/usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml (code=exited, status=1/FAILURE)


(Joe Fleming) #8

Ah, yeah, that does indeed produce an error:

[1] "origin" must be an array

Sorry about that. Looks like this is the right config:

server.cors.origin: ['*']


Kibana enable cors
(cuneyt) #9

Still no luck. When I update yml file status stays Green for a while (around 15 secs.) Then turns red.


(Joe Fleming) #10

What's failing? You should see what thing is going red in the output from the Kibana server.

Also, any chance you can share your whole kibana.yml? You can remove passwords and the like.


(cuneyt) #11

kibana.yml file is quite simple almost all the lines from the original are commented out except below:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://elasticsearch.mycloud:9200"
server.cors.origin: ['*']

Below is what I see when I run status. When I comment out the line with the cors it turns green again.

● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2017-03-31 01:28:12 UTC; 5min ago
Process: 6252 ExecStart=/usr/share/kibana/bin/kibana -c /etc/kibana/kibana.yml (code=exited, status=1/FAILURE)
Main PID: 6252 (code=exited, status=1/FAILURE)

Mar 31 01:28:11 ip-10-0-0-123.ec2.internal systemd[1]: kibana.service: main process exited, code=exited, status=1/FAILURE
Mar 31 01:28:11 ip-10-0-0-123.ec2.internal systemd[1]: Unit kibana.service entered failed state.
Mar 31 01:28:11 ip-10-0-0-123.ec2.internal systemd[1]: kibana.service failed.
Mar 31 01:28:12 ip-10-0-0-123.ec2.internal systemd[1]: kibana.service holdoff time over, scheduling restart.
Mar 31 01:28:12 ip-10-0-0-123.ec2.internal systemd[1]: start request repeated too quickly for kibana.service
Mar 31 01:28:12 ip-10-0-0-123.ec2.internal systemd[1]: Failed to start Kibana.
Mar 31 01:28:12 ip-10-0-0-123.ec2.internal systemd[1]: Unit kibana.service entered failed state.
Mar 31 01:28:12 ip-10-0-0-123.ec2.internal systemd[1]: kibana.service failed.


(Joe Fleming) #12

It looks like Kibana isn't starting correctly. I think there's some other issue here besides just CORS. Maybe that config value is still wrong...

The systemd output isn't super helpful, seeing the actual Kibana logs might give some hints. According to our docs, you can find the logs in /var/log/kibana. Alternatively, I believe systemd uses journald for logging, and that you can view the kibana logs using journalctl -fu kibana.service.


(system) #13