Kibana Iframe Share Issue with Xframe and SameSite Cookie

hidanny · October 17, 2022, 8:09pm

Hello all,

This may be a super dumb question. For reference, I am using latest React and Google Chrome. Also, to note, this is working completely fine in Firefox. Just not in Google Chrome.

Essentially, I am trying to display a Kibana's Iframe on my local React website.
The problem is that its giving me Refused to display 'https://federate-prod-es...company.com" in a frame because it set "X-Frame-Options" to "deny"

Another issue that I can see when tracking the cookies is that I see "SameSite" cookie is giving a Lax instead of None.

Does this mean that I should Install Kibana to get the Kibana.yaml to edit these properties? I thought I would be able to just easily embed the shared results of Kibana on my site.

What can I do to resolve this? Am I not understanding something?

jsanz · October 24, 2022, 12:49pm

The kibana yaml setting you are likely looking for is xpack.security.sameSiteCookies, more details hele.

I've just added it to my Elastic Cloud deployment

And I could deploy a minimal TypeScript React application that shows an iframe of a public dashboard I have at https://ela.st/cumbre-vieja-eruption on this location: https://ihbdnn.csb.app/

Mind that of course one thing is allowing your iframe to load and another for Kibana to display stuff for anonymous users, skip the login screen and so on. The whole Anonymous authentication section in the Kibana docs provides comprehensive details on how this works.

system · November 19, 2022, 8:04pm

system · December 17, 2022, 4:54pm

system · January 14, 2023, 1:08pm