I am using Kibana version 7.5.2 which is linked to my elasticsearch instance. I have created a dashboard of visualizations on Kibana and have embedded the dashboard in a web page that I make available to the users of my product. Since the last few days, I am seeing that the embedded Kibana dashboard asks for login credentials from users and upon entering those details, it redirects back to the login page. This happens only via the embedded dashboard. If I access the dashboard link on a different browser tab, I am able to see the dashboard. Deleting all the cookies and other site data did not make the issue go away but opening the same web page on another browser did work perfectly. What seems to be the issue here?
I have the exact same issue: CSP errors when using an Kibana iframe
Are you getting any CSP errors in console log?
My Kibana logs have just too convoluted information to make sense of. Using search on logs does not reveal any log messages that have the same phrase that you have posted in your post. I also checked the Kibana console and there were no logs there.
In the browser (console) too when viewing the Kibana login page?
Oh right. In my browser console, I do see a message same as the one mentioned in your post. Does the issue persist for you even if you use some other browser?
For me, this issue does not come when I use another browser. I have tried deleting the cookies/history of the one I am seeing the issue on but didnt work
I am seeing this issue in just chrome and wonder if this is a Chrome bug where it is treating a link as a script. Thoughts?
I followed the link in the browser console log and found the following message which is left out of the Kibana web page.
This Kibana installation has strict security requirements enabled that your current browser does not meet.// Since this is an unsafe inline script, this code will not run // in browsers that support content security policy(CSP). This is // intentional as we check for the existence of __kbnCspNotEnforced__ in // bootstrap.
It seems like the issue is with the browser although I am using the latest version of Google Chrome. So it seems that Chrome itself is incompatible to run Kibana as of now. But this needs verification by others and someone from elastic.co.
Seems to be a Bug on the latest Chrome Update.
Kibana using cookie to implement login, however latest Chrome can not store non secure cookie.
Maybe best practices is enable HTTPS for kibana.
Hi @ayushr - could you just confirm exactly which version of Chrome you're using?
Hi. I am using Google Chrome Version 84.0.4147.135 (Official Build) (64-bit)
Thanks for confirming. I managed to reproduce this with 7.9 Kibana dashboard in Chrome 84.0.4147.135 on Mac OSX. Looking into this. Works correctly in Firefox
Great that issue could be reproduced. Thanks for your support. Looking forward to the issue being fixed.
The solution for this would be to set
sameSiteCookies: None in
kibana.yml and you'll need to use https, otherwise Chrome won't respect the setting. The only caveat is that this will work with Kibana 7.8.1 and above. I verified on 7.9 and works fine.
Hi. Is there any other way as in my org, I am using Kibana as a service which is installed and maintained by another team. Is there a solution which works for me only?
You can use another browser except Chrome. Even downgrading Chrome should work.