Hi there!
In order to make requests across domains inside a browser, you'll need to enable CORS on the Kibana server. Unfortunately, this is not a documented configuration option, but it is supported.
Add server.cors: true to your kibana.yml in the Cloud dashboard. This should add the Access-Control-Allow-Origin: * header to all responses from Kibana. Note that this enables any webpage to access your Kibana API, though of course they'll still need valid credentials if you're using Security.