I am running Kibana directly from the source code cloned from GitHub (version 8.13.4) and have disabled security via xpack.security.enabled: false in both elasticsearch.yml and kibana.yml.
When I attempt to import saved objects (like dashboards) using the _import REST API against this source build, the call fails. For example, running the following curl command (using a valid export.ndjson file containing a dashboard):
curl.exe -X POST "http://localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form "file=@export.ndjson"
Results in a simple "Not Found" response (likely HTTP 404).
This prevents me from programmatically managing dashboards and other saved objects on my development instance.
Importantly, if I run the exact same curl command against a standard installed distribution build of Kibana 8.13.4 (with security disabled using the identical configuration changes), the import succeeds as expected, returning:
{"successCount":1,"success":true,"warnings":[],"successResults":[{"type":"dashboard","id":"***","meta":{"title":"**","icon":"**"},"managed":false}]}
This issue seems specific to running Kibana from the source code development environment.