This Elastic installation has strict security requirements enabled that your current browser does not meet

I tried in Chrome, edge and Firefox after updating the browser version but not working. Please see the screenshot attached.

Getting this : "This Elastic installation has strict security requirements enabled that your current browser does not meet. "

The only difference I see is the Windows version. My client is using Windows Pro whereas we use the enterprise version.

image (1)923×366 5.87 KB

We identified a potential method to enable access by manipulating the CSP settings, specifically by setting Kibana's strict mode for CSP to false. However, it's essential to note that disabling Kibana's strict CSP mode increases the risk of security vulnerabilities.

Kindly provide some way out for this.

Hi @nkf_123,

Do you have a proxy in front of Kibana at all? I assume you're using the latest versions of Chrome, Edge and Firefox?

I am not 100% but I do think there is a proxy @carly.richmond

And yes, I am using the latest chrome version.

But how do I fix this? csp.strict : false will hamper with the security

Can you share your Kibana config @nkf_123, including any proxy-specific configuration that you've added? Are you using nginx or an alternative?

@carly.richmond
Sorry, I cannot share it.

But could you advise whether setting it to the following will cause an issue?

csp.strict: false
csp.warnLegacyBrowsers: true

As you said in your original message @nkf_123 disabling Kibana's strict CSP mode does open you up to unsafe scripting practices. You can enable these options if you're comfortable with the risk.

Alternatively I would look at your proxy settings to see if they need to be tweaked. There is an example in this thread.

I also assume you're not embedding the Kibana dashboard in a web application, which can also give you CSP issues if misconfigured?

Hope that helps!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.