Where can I get the correct kbn-xsrf value for my plugin HTTP requests?

trex · November 29, 2018, 9:56am

I develop a Kibana plugin where I try to use axios HTTP client. Now my code fails with

1. error: "Bad Request"
2. message: "Request must contain a kbn-xsrf header."
3. statusCode: 400

Where can I get the correct kbn-xsrf value?

The code which fails:

import axios from 'axios';
  
export default class {
  constructor() {
    this.http = axios.create({
      headers: { 'Content-Type': 'application/json' }
    });
  }

  statField(index, field, filters = []) {
    const query = {
      query: {
        bool: {
          must: [
            ...filters.map(filter => ({
              match: {
                [filter.field]: filter.value
              }
            }))
          ]
        }
      },
      aggs: {
        stat_agg: {
          stats: { field }
        }
      },
      size: 0
    };

    return this.http.post(`../elasticsearch/${index}/_search`, query)
    ...

trex · November 29, 2018, 10:13am

I put this into the HTTP request headers and it works, I get data from Elasticsearch.

this.headers = {
  'Content-Type': 'application/json',
  'kbn-xsrf': 'anything',
  'Accept': 'application/json, text/plain, */*'
};

But I'm not sure anything is a good value for kbn-xsrf. Is it a good value?

lukas · November 29, 2018, 4:11pm

Currently, as long as you include a kbn-xsrf header, it will work. I believe Kibana usually uses "kibana" in most places, but in some places it uses a different value.

system · December 27, 2018, 4:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.