Logging into Cloud Kibana using React

Hello Elastic maniacs,

this is my first post, so just a quick introduction - my name is Marek and I work as a developer for a construction related company that analyses and visualised construction data using Elasticsearch and Kibana. I'm pretty fresh to the software development industry, so it's all pretty scary to me at times!

Our system is based on Django Rest Framework and React. The idea is to process raw data in Django, send it to Elasticsearch and embed it in React's frontend as a Kibana iframe.

I used elasticsearch-py library to ensure user and role creation in Elastic when signing up to our service. Now I wish we were able to log them into Kibana when they log into our service to avoid double log in.

I found this post from 2017 Logging into Kibana from a React page using /api/security/v1/login and I have two questions:

  1. Is it a valid idea? I was trying to use the above solution and I got this error:

Access to fetch at 'xxx/api/security/v1/login' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

I did add those to the "User settings override" (Cloud equivalent to yaml file):

http.cors.enabled: true
http.cors.allow-origin: "http://127.0.0.1:8000"

I know CORS is a tricky subjects and I was wondering if maybe it wasn't changed since 2017...

  1. Another question would be if the API in the above example is correct for the newest version of Elastic and if not, what would be an equivalent that I should use now?

I hope it makes sense, let me know if you need any more info!

Kind regards,
Marek

Hello,

Using the authorization header and the API key seems to be the best method: https://www.elastic.co/guide/en/kibana/current/kibana-authentication.html (bottom of the page)

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.