[ SOLVED] Adding custom csp rule on Elastic Cloud : 'csp.rules': is not allowed - Not possible yet

Hi !

I'm currently trying to modify the Content Security Policy in the kibana.yml file on a Clouded Deployment to allow a custom javascript to run on a dashboard but i get the following error message when adding the csp rules

csp.rules': is not allowed

My configuration is the following :

csp.rules:
  # current defaults
  - "script-src 'unsafe-eval' 'self' 'nonce-{base64nonce}'"

I researched the following links first whitout success :

Any help would be much appreciated !

Thanks in advance,

Ian

Do you mean Elastic Cloud?

If so, then yeah I see it's not whitelisted there yet. Thanks for letting us know! We'll take care of this as soon as possible. But for now can you try to reach out to the Cloud support to see if they can do that for you?

Best,
Oleg

I meant Elastic Cloud indeed, sorry about the wrong name

I expected that it wasn't possible yet, thanks for the quick answer !

I worked the problem an other way
Instead of trying to inject a script to modify the html/css in a dynamic way, i used a module of nginx to do it in a static way :
http://nginx.org/en/docs/http/ngx_http_sub_module.html

Thanks again

Thanks for sharing your solution! Yeah, that's also an option (and maybe even better than relaxed CSP rules :slightly_smiling_face:) .

Surely much better after finding the said module

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.