Version: 7.x-52.5.0
This is an older version of Search Guard. Switch to Latest version
This is an older version of Search Guard. Switch to Latest version
Community
Kibana in iframe
Content
Web browsers changed the default behavior for cookies so that:
- Cookies without a
SameSite
attribute are treated asSameSite=Lax
. - Cookies for cross-site usage must specify
SameSite=None; Secure
to include third party content.
It means that Kibana can’t be accessed via an iframe on a third party web site by default. The cookies at the Kibana side must be configured to add SameSite=None; Secure
attributes.
Kibana configuration
kibana.yml
searchguard:
cookie:
secure: true
isSameSite: None
References
Reject insecure SameSite=None cookies
Temporarily rolling back SameSite Cookie Changes