I've updated my kibana.yml according to your suggestion: server.cors: true
server.xsrf.disableProtections: true
I am still getting the same error: app:1 Access to XMLHttpRequest at 'http://10.100.0.207:5604/api/features' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
You mean you have entered the route and executed that from the browser? or you mean you've executed GET and POST request from an external app which is loaded in the browser?
My case is the second one. The first case will obviously work.
Typing localhost:5601/api/spaces/space in the browser address bar, will result in sending a GET request to this endpoint which will return the existing spaces.
I opened Kibana in one tab to ensure I was logged in, then opened another tab and loaded google.
I don't have another external app laying around, so I simulated this with Google by using fetch from the browser dev tools to access my Kibana APIs. This guaranteed a cross-origin request, and I could see the browser send the preflight OPTIONS request to ensure the request would be allowed before proceeding.
Without the configuration changes, I was seeing the CORS errors using this method. After adjusting my Kibana config, the errors went away, and I was able to hit those endpoints without any issues.
OK thanks Larry. I will try to do the same scenario you've done. I will share my results.
Is there any API to retrieve kibana.yml configurations or check specific peroperty's value in it?
I am suspecting then that my Kibana is not reading those configurations from my yml (although it does for other configurations)
Can you please attach the steps you've done?
I want to have identical steps.
In the meanwhile, I've developed server-side for my app and from there I can execute any request to Kibana.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.