Search Guard - Enterprise Security for Elasticsearch
Version: 7.x-50.0.0
Community

Kibana in iframe

Content

Web browsers changed the default behavior for cookies so that:

  • Cookies without a SameSite attribute are treated as SameSite=Lax.
  • Cookies for cross-site usage must specify SameSite=None; Secure to include third party content.

It means that Kibana can’t be accessed via an iframe on a third party web site by default. The cookies at the Kibana side must be configured to add SameSite=None; Secure attributes.

Kibana configuration

kibana.yml

searchguard:
 cookie:
  secure: true
  isSameSite: None

References

Reject insecure SameSite=None cookies

Temporarily rolling back SameSite Cookie Changes

SameSite cookies explained

Incrementally Better Cookies

Questions? Drop us a note!

Not what you were looking for? Try the search.