Version: SG FLX
Community
Kibana in IFrame
Content
Web browsers changed the default behavior for cookies so that:
- Cookies without a
SameSite
attribute are treated asSameSite=Lax
. - Cookies for cross-site usage must specify
SameSite=None; Secure
to include third party content.
It means that Kibana can’t be accessed via an iframe on a third party web site by default. The cookies at the Kibana side must be configured to add SameSite=None; Secure
attributes.
Kibana configuration
kibana.yml
searchguard:
cookie:
secure: true
isSameSite: None
References
Reject insecure SameSite=None cookies
Temporarily rolling back SameSite Cookie Changes