Inhibit nextUrl

Hi All,

Not sure this is the right place for asking this.

I’m using the Elastic stack with Kibana and readonlyrest.

I need to disable or inhibit the query string nextUrl param, in order to avoid a redirect to another page, because it represents a possible security issue.
Is that possible?

I’m using
readonlyrest-1.41.0_es8.2.0.zip
readonlyrest_kbn_free-1.41.0_es8.2.0.zip

but I tried also readonlyrest_kbn_universal-1.55.0_es8.6.2.zip

and it does not look like it solves the issue.

Thank you.
Andrea.

Hi,
There is no way to disable nextUrl explicitly from the configuration; however, we offer customization of the Login page by injecting CSS/JS code or a file. Thanks to this, you can remove the nextUrl query string parameter when the login page opens.

  1. In kibana.yml define the path to your custom js file:

         readonlyrest_kbn.login_custom_js_inject_file: '/usr/share/kibana/custom_login.js'

  2. Define a function to remove the query string param:

         function removeQueryParam(paramToRemove) {
           const url = new URL(window.location.href);
           const searchParams = url.searchParams;
           searchParams.delete(paramToRemove);
           window.history.replaceState({}, '', url.toString());
         }

         (function init() {
           removeQueryParam('nextUrl');
         })();

Hi Dawid,

It looks like readonlyrest_kbn.login_custom_js_inject_file is not supported by my installation.

I got

FATAL Error: [config validation of [readonlyrest_kbn].login_custom_js_inject_file]: definition for this key is missing

Thank you for your support.

andrea

Hi,

The login_custom_js_inject_file property was introduced in ROR version 1.45.0. To use this customization feature, you need at least a Pro license.

If you’re using a version before 1.45.0, you could still inject JavaScript code using inline code as explained in this guide: For Kibana | current (master) | ReadonlyREST. However, please note that this method also requires a Pro or Enterprise license.
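
An added example, not part of the thread and not ReadonlyREST's own code: a variant of the `removeQueryParam` script above that goes beyond unconditional removal and keeps `nextUrl` only when it is a single same-origin path, stripping it otherwise. The function names and the `kibana.example.test` host used to exercise it are assumptions; how ReadonlyREST itself consumes `nextUrl` is not covered by the thread.

```javascript
// Added example: decide whether a nextUrl value stays on the login page's origin.
// isSameOriginPath and sanitizeLoginUrl are hypothetical helper names.
function isSameOriginPath(value, origin) {
  if (typeof value !== 'string' || value.length === 0) return false;
  // Reject control characters and backslashes: browsers may normalise them
  // into a different URL than the one a plain prefix check sees.
  if (/[\u0000-\u001f\\]/.test(value)) return false;
  // Must be a path: "/app/home" passes, "//host" and "https://host" do not.
  if (!value.startsWith('/') || value.startsWith('//')) return false;
  try {
    // Resolve the way a browser would and compare origins.
    return new URL(value, origin).origin === new URL(origin).origin;
  } catch (e) {
    return false;
  }
}

// Return href unchanged when it carries exactly one same-origin nextUrl,
// otherwise return it with every nextUrl occurrence removed.
function sanitizeLoginUrl(href, param = 'nextUrl') {
  const url = new URL(href);
  const values = url.searchParams.getAll(param);
  // Repeated parameters are ambiguous (which one wins?), so drop them all.
  const keep = values.length === 1 && isSameOriginPath(values[0], url.origin);
  if (!keep) url.searchParams.delete(param);
  return url.toString();
}

// Browser hook, same mechanism as the script in the thread: rewrite the
// address bar in place, without a reload, as soon as the login page opens.
if (typeof window !== 'undefined') {
  const cleaned = sanitizeLoginUrl(window.location.href);
  if (cleaned !== window.location.href) {
    window.history.replaceState({}, '', cleaned);
  }
}
```

To get the behaviour asked for in the original question (no `nextUrl` at all), keep the thread's unconditional `removeQueryParam('nextUrl')` instead.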