Hi, I have tried to enable CORS via kibana.yml and elasticsearch.yml but seems not work because my POST request not start yet because previous OPTIONS started from browser to Kibana endpoint, not receive correct headers for procedeed with POST request.
I have used chrome v80.0.3987.149 for test.
In kibana.yml
server.cors: true
#server.cors.origin: ["https://10.10.10.100:8080"]
server.cors.origin: ["*"]
server.cors.additionalHeaders: ["kbn-version","kbn-xsrf","cookie"]
server.cors.credentials: true
In elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: kbn-version,kbn-xsrf,Origin,X-Requested-With,Content-Type,Accept,Engaged-Auth-Token,Content-Length,Authorization
Request to KIBANA (CLIENT --> KIBANA)
OPTIONS /kibana/internal/security/login HTTP/1.1
Host: 10.10.10.110:5601
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: https://10.10.10.100:8080
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Access-Control-Request-Headers: content-type,kbn-version,kbn-xsrf
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Referer: https://10.10.10.100:8080/xxx
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
Response to OPTIONS request (KIBANA --> CLIENT)
HTTP/1.1 200 OK
kbn-name: XXX
kbn-license-sig: XXX
kbn-xpack-sig: XXX
content-type: application/json; charset=utf-8
cache-control: no-cache
content-length: 54
Date: Fri, 03 Apr 2020 18:24:22 GMT
Connection: keep-alive
How to solve? Thank you.
PS: If use "Moesif Origins & CORS Changer" as chrome extension just right configured for scope, all is work properly because this extension provide right headers in response to OPTION by client so client can fire POST request to Kibana endpoint properly