Version: 7.x-50.0.0
Community
Kibana in iframe
Content
Web browsers changed the default behavior for cookies so that:
- Cookies without a
SameSite
attribute are treated asSameSite=Lax
. - Cookies for cross-site usage must specify
SameSite=None; Secure
to include third party content.
It means that Kibana can’t be accessed via an iframe on a third party web site by default. The cookies at the Kibana side must be configured to add SameSite=None; Secure
attributes.
Kibana configuration
kibana.yml
searchguard:
cookie:
secure: true
isSameSite: None
References
Reject insecure SameSite=None cookies
Temporarily rolling back SameSite Cookie Changes