In order to make requests across domains inside a browser, you'll need to enable CORS on the Kibana server. Unfortunately, this is not a documented configuration option, but it is supported.
Add server.cors: true to your kibana.yml in the Cloud dashboard. This should add the Access-Control-Allow-Origin: * header to all responses from Kibana. Note that this enables any webpage to access your Kibana API, though of course they'll still need valid credentials if you're using Security.
We tried to set this configuration server.cors: true in our kibana.yml on the Elastic Cloud deployment but the Activity page shows the following error:
It looks like we disallow this option in Elastic Cloud. Reach out to Cloud Support, they may be able to enable this setting for you.
If not, you will need to set up a proxy server (e.g. nginx) in front of your Kibana server to add these headers. Though before doing that, you may want to explore other options. What is it that you're trying to develop?
Got it! This thread here may be helpful. You can set up an nginx server that adds Authorization headers for a specific user to auto-authenticate requests. This is likely more secure than embedding credentials in your client-side code.
If this is a public-facing site, I definitely recommend using credentials for a user with the kibana_dashboard_only_user role so they cannot modify any Kibana data.
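The proxy approach discussed in this thread, sketched as an nginx configuration. This is an added example, not part of any post in the thread; the hostnames, certificate paths, allowed origin and credential placeholder are assumptions.

```nginx
# Constructed example: every hostname, path and credential below is a placeholder.
# Place inside the http {} block of nginx.conf.

# Echo the request's Origin back only when it is on the allow-list.
# An empty value makes nginx omit the header, so unknown origins get no CORS grant
# (unlike the Access-Control-Allow-Origin: * that server.cors: true would send).
map $http_origin $cors_origin {
    default                     "";
    "https://app.example.com"   $http_origin;   # assumed front-end origin
}

server {
    listen 443 ssl;
    server_name kibana-proxy.example.com;        # assumed proxy hostname

    ssl_certificate     /etc/nginx/tls/proxy.crt;
    ssl_certificate_key /etc/nginx/tls/proxy.key;

    location / {
        # Answer CORS preflight at the proxy; it never reaches Kibana.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin  $cors_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Content-Type, kbn-xsrf" always;
            add_header Vary Origin always;
            return 204;
        }

        # Drop any CORS header the upstream sends so only the allow-list applies.
        proxy_hide_header Access-Control-Allow-Origin;
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;

        # The credential lives in the proxy, not in client-side code.
        # Anyone who can reach this proxy acts as this user, so it should hold
        # only the kibana_dashboard_only_user role.
        proxy_set_header Authorization "Basic <BASE64_OF_USER_COLON_PASSWORD>";

        proxy_pass https://kibana.example.internal:5601;   # assumed Kibana endpoint
    }
}
```

CORS only limits which web pages can read responses in a browser; it does not stop direct requests to the proxy, so the read-only role is what bounds the exposure.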