Export Objects & Scripted Fields Force Logout

Elasticsearch Version: 7.4.0
Kibana Version: 7.4.0
RoR Version: 1.18.8 (Enterprise)

Attempts of using the saved objects export (note: not the individual selected export, the all function near the top) function via the Kibana UI result in a forced logout. There are no logs present in the RoR for elasticsearch but the following Kibana logs are observed:

{"type":"log","@timestamp":"2019-12-04T19:31:22Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":31919,"message":"got an error [undefined] Bad Request for path /api/saved_objects/_export"}
{"type":"log","@timestamp":"2019-12-04T19:31:22Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":31919,"message":"{\"data\":null,\"isBoom\":true,\"isServer\":false,\"output\":{\"statusCode\":400,\"payload\":{\"statusCode\":400,\"error\":\"Bad Request\",\"message\":\"Bad Request\",\"attributes\":{\"objects\":[{\"id\":\"194f7360-43e1-11e8-96f0-ed06a0b22b0a\",\"type\":\"visualization\",\"error\":{\"statusCode\":404,\"message\":\"Not found\"}},{\"id\":\"57462430-43e0-11e8-96f0-ed06a0b22b0a\",\"type\":\"visualization\",\"error\":{\"statusCode\":404,\"message\":\"Not found\"}},{\"id\":\"042614e0-43e0-11e8-96f0-ed06a0b22b0a\",\"type\":\"search\",\"error\":{\"statusCode\":404,\"message\":\"Not found\"}}]}},\"headers\":{\"kbn-name\":\"kibana\",\"kbn-xpack-sig\":\"0a154ef9420c5690805f8441b1d911c9\"}},\"message\":\"Bad Request\"}"}
{"type":"response","@timestamp":"2019-12-04T19:31:22Z","tags":[],"pid":31919,"method":"post","statusCode":302,"req":{"url":"/api/saved_objects/_export","method":"post","headers":{"connection":"upgrade","host":"myhost","content-length":"155","origin":"https://myhost","kbn-version":"7.4.0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36","content-type":"application/json","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","referer":"https://myhost/kibana/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-ror-kibana-request-path":"/api/saved_objects/_export","x-ror-kibana-request-method":"post"},"remoteAddress":"1.1.1.1","userAgent":"1.1.1.1","referer":"https://myhost/kibana/app/kibana"},"res":{"statusCode":302,"responseTime":234,"contentLength":9},"message":"POST /api/saved_objects/_export 302 234ms - 9.0B"}
{"type":"log","@timestamp":"2019-12-04T19:31:22Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":31919,"message":"got an error [undefined] Internal Server Error for path /login"}
{"type":"log","@timestamp":"2019-12-04T19:31:22Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":31919,"message":"{\"stack\":\"TypeError: Cannot read property 'username' of null\\n    at username (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:123:44)\\n    at module.exports.internals.Manager.execute (/usr/share/kibana/node_modules/hapi/lib/toolkit.js:35:106)\\n    at Object.internals.handler (/usr/share/kibana/node_modules/hapi/lib/handler.js:50:48)\\n    at exports.execute (/usr/share/kibana/node_modules/hapi/lib/handler.js:35:36)\\n    at Request._lifecycle (/usr/share/kibana/node_modules/hapi/lib/request.js:263:62)\",\"message\":\"Cannot read property 'username' of null\",\"isBoom\":true,\"isServer\":true,\"data\":null,\"output\":{\"statusCode\":500,\"payload\":{\"statusCode\":500,\"error\":\"Internal Server Error\",\"message\":\"An internal server error occurred\"},\"headers\":{\"kbn-name\":\"kibana\",\"kbn-xpack-sig\":\"0a154ef9420c5690805f8441b1d911c9\"}},\"isDeveloperError\":true}"}
{"type":"response","@timestamp":"2019-12-04T19:31:22Z","tags":[],"pid":31919,"method":"get","statusCode":302,"req":{"url":"/login","method":"get","headers":{"connection":"upgrade","host":"myhost","kbn-version":"7.4.0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","referer":"https://myhost/kibana/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","kbn-xsrf":"7.4.0","x-ror-kibana-request-path":"/login","x-ror-kibana-request-method":"get"},"remoteAddress":"1.1.1.1","userAgent":"1.1.1.1","referer":"https://myhost/kibana/app/kibana"},"res":{"statusCode":302,"responseTime":92,"contentLength":9},"message":"GET /login 302 92ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T19:31:22Z","tags":[],"pid":31919,"method":"get","statusCode":302,"req":{"url":"/logout","method":"get","headers":{"connection":"upgrade","host":"myhost","kbn-version":"7.4.0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","referer":"https://myhost/kibana/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-ror-kibana-request-path":"/logout","x-ror-kibana-request-method":"get"},"remoteAddress":"1.1.1.1","userAgent":"1.1.1.1","referer":"https://myhost/kibana/app/kibana"},"res":{"statusCode":302,"responseTime":10,"contentLength":9},"message":"GET /logout 302 10ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T19:31:22Z","tags":[],"pid":31919,"method":"get","statusCode":200,"req":{"url":"/login?nextUrl=%2Fkibana%2Fapp%2Fkibana","method":"get","headers":{"connection":"upgrade","host":"myhost","kbn-version":"7.4.0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36","accept":"*/*","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","referer":"https://myhost/kibana/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","kbn-xsrf":"7.4.0"},"remoteAddress":"1.1.1.1","userAgent":"1.1.1.1","referer":"https://myhost/kibana/app/kibana"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /login?nextUrl=%2Fkibana%2Fapp%2Fkibana 200 4ms - 9.0B"}

Running console in chrome the following is observed:

A similar issue occurs when attempt to edit or create scripted fields. The observed Kibana logs are as follows:

{"type":"response","@timestamp":"2019-12-04T18:33:40Z","tags":[],"pid":1799,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern&page=1&default_search_operator=OR","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://1.1.1.1:5601/app/kibana","kbn-version":"7.4.0","content-type":"application/json","connection":"keep-alive","x-ror-kibana-request-path":"/api/saved_objects/_find","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":200,"responseTime":51,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern&page=1&default_search_operator=OR 200 51ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:40Z","tags":[],"pid":1799,"method":"get","statusCode":200,"req":{"url":"/api/kibana/scripts/languages","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","kbn-version":"7.4.0","connection":"keep-alive","referer":"https://1.1.1.1:5601/app/kibana","x-ror-kibana-request-path":"/api/kibana/scripts/languages","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"GET /api/kibana/scripts/languages 200 16ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:40Z","tags":[],"pid":1799,"method":"get","statusCode":304,"req":{"url":"/built_assets/dlls/icon.link-js.bundle.dll.js","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","connection":"keep-alive","referer":"https://1.1.1.1:5601/app/kibana","if-none-match":"\"5f16ccef3df3347bcb8da5ea0d99f3aff16f7f20-/built_assets/dlls/-gzip\"","x-ror-kibana-request-path":"/built_assets/dlls/icon.link-js.bundle.dll.js","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":304,"responseTime":10,"contentLength":9},"message":"GET /built_assets/dlls/icon.link-js.bundle.dll.js 304 10ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:40Z","tags":[],"pid":1799,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/roboto_mono/RobotoMono-Regular.ttf","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://1.1.1.1:5601/app/kibana","x-ror-kibana-request-path":"/ui/fonts/roboto_mono/RobotoMono-Regular.ttf","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"GET /ui/fonts/roboto_mono/RobotoMono-Regular.ttf 200 9ms - 9.0B"}
{"type":"log","@timestamp":"2019-12-04T18:33:40Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":1799,"message":"got an error [undefined] Not Found for path /app/theme-theme.js"}
{"type":"log","@timestamp":"2019-12-04T18:33:40Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":1799,"message":"{\"data\":null,\"isBoom\":true,\"isServer\":false,\"output\":{\"statusCode\":404,\"payload\":{\"statusCode\":404,\"error\":\"Not Found\",\"message\":\"Unknown app theme-theme.js\"},\"headers\":{\"kbn-name\":\"kibana\",\"kbn-xpack-sig\":\"0a154ef9420c5690805f8441b1d911c9\"}}}"}
{"type":"response","@timestamp":"2019-12-04T18:33:40Z","tags":[],"pid":1799,"method":"get","statusCode":302,"req":{"url":"/app/theme-theme.js","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","connection":"keep-alive","referer":"https://1.1.1.1:5601/app/kibana","x-ror-kibana-request-path":"/app/theme-theme.js","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":302,"responseTime":76,"contentLength":9},"message":"GET /app/theme-theme.js 302 76ms - 9.0B"}
{"type":"log","@timestamp":"2019-12-04T18:33:41Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":1799,"message":"got an error [undefined] Internal Server Error for path /login"}
{"type":"log","@timestamp":"2019-12-04T18:33:41Z","tags":["error","readonlyrest_kbn:onPreResponse"],"pid":1799,"message":"{\"stack\":\"TypeError: Cannot read property 'username' of null\\n    at username (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:123:44)\\n    at module.exports.internals.Manager.execute (/usr/share/kibana/node_modules/hapi/lib/toolkit.js:35:106)\\n    at Object.internals.handler (/usr/share/kibana/node_modules/hapi/lib/handler.js:50:48)\\n    at exports.execute (/usr/share/kibana/node_modules/hapi/lib/handler.js:35:36)\\n    at Request._lifecycle (/usr/share/kibana/node_modules/hapi/lib/request.js:263:62)\",\"message\":\"Cannot read property 'username' of null\",\"isBoom\":true,\"isServer\":true,\"data\":null,\"output\":{\"statusCode\":500,\"payload\":{\"statusCode\":500,\"error\":\"Internal Server Error\",\"message\":\"An internal server error occurred\"},\"headers\":{\"kbn-name\":\"kibana\",\"kbn-xpack-sig\":\"0a154ef9420c5690805f8441b1d911c9\"}},\"isDeveloperError\":true}"}
{"type":"response","@timestamp":"2019-12-04T18:33:41Z","tags":[],"pid":1799,"method":"get","statusCode":302,"req":{"url":"/login","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://1.1.1.1:5601/app/kibana","connection":"keep-alive","kbn-xsrf":"7.4.0","kbn-version":"7.4.0","x-ror-kibana-request-path":"/login","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":302,"responseTime":47,"contentLength":9},"message":"GET /login 302 47ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:41Z","tags":[],"pid":1799,"method":"get","statusCode":302,"req":{"url":"/logout","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://1.1.1.1:5601/app/kibana","connection":"keep-alive","x-ror-kibana-request-path":"/logout","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":302,"responseTime":19,"contentLength":9},"message":"GET /logout 302 19ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:41Z","tags":[],"pid":1799,"method":"get","statusCode":200,"req":{"url":"/plugins/readonlyrest_kbn/session_probe.txt","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","kbn-version":"7.4.0","kbn-xsrf":"7.4.0","x-requested-with":"XMLHttpRequest","connection":"keep-alive","referer":"https://1.1.1.1:5601/app/kibana","x-ror-kibana-request-path":"/plugins/readonlyrest_kbn/session_probe.txt","x-ror-kibana-request-method":"get"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"GET /plugins/readonlyrest_kbn/session_probe.txt 200 22ms - 9.0B"}
{"type":"response","@timestamp":"2019-12-04T18:33:41Z","tags":[],"pid":1799,"method":"get","statusCode":200,"req":{"url":"/login","method":"get","headers":{"host":"1.1.1.1:5601","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br","referer":"https://1.1.1.1:5601/app/kibana","connection":"keep-alive","kbn-xsrf":"7.4.0","kbn-version":"7.4.0"},"remoteAddress":"2.2.2.2","userAgent":"2.2.2.2","referer":"https://1.1.1.1:5601/app/kibana"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /login 200 4ms - 9.0B"}

Running console in chrome the following is observed:

Test were done with and without the nginx proxy, results were the same.

Not sure whats going but it seems something specifically to do with how RoR proxy’s the connections. I tired playing withthe whitelistPaths to no avail. It should also be noted that if using dark theme RoR also issues accessing the /app/theme-theme.js during the aforementioned actions.

~Regards

@mgaetano thanks for reporting
@coutoPL let’s add this to Jira?