We have an urgent problem in moving Kibana to a production environment where the proxy adds X-Content-Type-Options: nosniff to the response headers.
If we run the kibana instance directly to bypass the proxy environment it starts and runs fine. But through the proxy we get the following line in the console:
The resource from “https://netefatsa.drdlr.gov.za/bundles/app/kibana/bootstrap.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). This is in Firefox.
In Chrome 1. Request URL: https://netefatsa.drdlr.gov.za/bundles/app/kibana/bootstrap.js, 2. Request Method: GET 3. Status Code: 404 Not Found. The console shows the following message
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-SbBSU7MfZFnVMq4PuE/jbBz7pPIfXUTYDrdHl7Ckchc='), or a nonce ('nonce-...') is required to enable inline execution.
The Reverse proxy environment runs nginx behind a corporate proxy server.
As a result we cannot start Kibana at all. Please point us to some way. Please advise