Kibana login loop while use iframe

Hi,
I shared my Kibana dashboard with public link(anonymous) and user can visit my dashboard in our website used iframe.
But the browser will try to login again and again without showing anything.
I got the following error message both in my chrome dev tool and kibana log.

{"type":"response","@timestamp":"2022-02-08T09:31:10+08:00","tags":,"pid":17315,"method":"get","statusCode":401,"req":{"url":"/api/licensing/info","method":"get","headers":{"host":"kheslogkibana","connection":"keep-alive","kbn-version":"7.16.2","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.43","kbn-system-request":"true","content-type":"application/json","accept":"/","referer":"http://kheslogkibana/login?next=%2Fs%2Fmh12%2Fgoto%2Ffbdae2f8e495130a5e75909f914edec3","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9"},"remoteAddress":"10.19.2.249","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.43","referer":"http://kheslogkibana/login?next=%2Fs%2Fmh12%2Fgoto%2Ffbdae2f8e495130a5e75909f914edec3"},"res":{"statusCode":401,"responseTime":22,"contentLength":66},"message":"GET /api/licensing/info 401 22ms - 66.0B"}

And I also got the same error with this case:

But they didn't get the 401 error.
Do I need to set https and SameSite = None to fix this issue?

Kibana Version : 7.16.2
Ealsticsearch Version: 7.16.2

Hi,
We fixed this issue by setting kibana https and sameSite = None.

xpack.security.sameSiteCookies: None
xpack.security.secureCookies: true

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.