Unable to execute POST request to Kibana

I've updated my kibana.yml according to your suggestion:
server.cors: true
server.xsrf.disableProtections: true

I am still getting the same error:
app:1 Access to XMLHttpRequest at 'http://10.100.0.207:5604/api/features' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

Give me a bit to get an installation of 7.5.1 running, and I'll try to reproduce this locally

I'm not able to reproduce this error when configured with

server.cors: true
server.xsrf.disableProtection: true

When I don't have these set, then I do see the errors you're reporting, but that's expected.

Are you restarting your Kibana server after making these configuration changes?

How have you executed the GET request?
Using cURL or Postman will work

Good question. I tested using both a GET and POST request in the browser

Do you mean you have entered the route and executed that from the browser? Or do you mean you've executed GET and POST requests from an external app which is loaded in the browser?
My case is the second one. The first case will obviously work.
Typing localhost:5601/api/spaces/space in the browser address bar will result in sending a GET request to this endpoint, which will return the existing spaces.

I did the latter:

I opened Kibana in one tab to ensure I was logged in, then opened another tab and loaded google.
I don't have another external app lying around, so I simulated this with Google by using fetch from the browser dev tools to access my Kibana APIs. This guaranteed a cross-origin request, and I could see the browser send the preflight OPTIONS request to ensure the request would be allowed before proceeding.

Without the configuration changes, I was seeing the CORS errors using this method. After adjusting my Kibana config, the errors went away, and I was able to hit those endpoints without any issues.
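
The preflight check described in the post above, as an added example that is not part of the original thread or of Kibana's code: a simplified version of the test a browser applies to the OPTIONS response before it sends the real request. The function name `checkPreflight`, the sample responses and the assumption that the request carries cookies are all constructed for illustration.

```javascript
// Added example: checks a browser applies to a CORS preflight (OPTIONS) response.
// Simplified from the Fetch standard; all sample values are constructed.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];

function list(value) {
  return (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// request:  { origin, method, headers, credentials }
//           headers = the non-safelisted header names that caused the preflight
// response: { status, headers } with lower-case header names
function checkPreflight(request, response) {
  const h = response.headers;
  const fail = (reason) => ({ ok: false, reason });
  if (response.status < 200 || response.status > 299) return fail('status is not 2xx');

  const origin = h['access-control-allow-origin'];
  if (origin === undefined) return fail("no 'Access-Control-Allow-Origin' header");
  const wildcardOk = !request.credentials; // '*' is taken literally when cookies are sent
  if (!(origin === request.origin || (origin === '*' && wildcardOk))) {
    return fail('allowed origin does not match');
  }
  if (request.credentials && h['access-control-allow-credentials'] !== 'true') {
    return fail('credentials not allowed');
  }

  const methods = list(h['access-control-allow-methods']);
  const methodOk = SAFE_METHODS.includes(request.method) ||
    methods.includes(request.method.toLowerCase()) ||
    (wildcardOk && methods.includes('*'));
  if (!methodOk) return fail('method not allowed');

  const allowed = list(h['access-control-allow-headers']);
  for (const name of request.headers.map((n) => n.toLowerCase())) {
    const viaWildcard = wildcardOk && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !viaWildcard) return fail(`header '${name}' not allowed`);
  }
  return { ok: true, reason: 'preflight passes' };
}

// Constructed scenario modelled on the thread: a page on http://localhost:3000
// sends a JSON POST to another origin (sending cookies is an assumption).
const request = { origin: 'http://localhost:3000', method: 'POST',
  headers: ['content-type'], credentials: true };
const noCors = { status: 200, headers: {} };
const withCors = { status: 200, headers: {
  'access-control-allow-origin': 'http://localhost:3000',
  'access-control-allow-credentials': 'true',
  'access-control-allow-headers': 'content-type' } };
console.log(checkPreflight(request, noCors).reason, '|', checkPreflight(request, withCors).reason);
```

The first sample response fails for the same reason as the browser error quoted at the top of the thread; a wildcard `Access-Control-Allow-Origin` would also fail here because the request is credentialed.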

OK thanks Larry. I will try to do the same scenario you've done. I will share my results.

Is there any API to retrieve kibana.yml configurations or check a specific property's value in it?
I suspect, then, that my Kibana is not reading those configurations from my yml (although it does for other configurations).

Unfortunately there is not. The yml file can contain sensitive information, which we wouldn't want to expose over an API, even an authenticated one.

Sorry if this is an obvious suggestion, but did you ensure that your settings aren't prefixed with a #?

So instead of

# server.cors: true

You would want:

server.cors: true

Hi @Larry_Gregory

Can you please attach the steps you've done?
I want to have identical steps.
In the meantime, I've developed a server side for my app, and from there I can execute any request to Kibana.
