I’m using Elastic stack using Kibana and reaonlyrest.
I need to disable or inihitbit the query string nextUrl param, in order to avoid redirect to another page, because representing a possible security issue.
Is that possible?
I’m using
readonlyrest-1.41.0_es8.2.0.zip
readonlyrest_kbn_free-1.41.0_es8.2.0.zip
but I tried also readonlyrest_kbn_universal-1.55.0_es8.6.2.zip
Hi,
There is no way to disable nextUrl explicitly from the configuration, however, we offer customization of the Login page by injecting CSS/JS code or file. Thanks to it, you can remove the nextUrl query string parameter on the login page open.
In kibana.yml define the path to your custom js file readonlyrest_kbn.login_custom_js_inject_file: '/usr/share/kibana/custom_login.js'
Define a function to remove the query string param
The login_custom_js_inject_file property was introduced in ROR version 1.45.0. To use this customization feature, you need at least a Pro license.
If you’re using a version before 1.45.0, you could still inject JavaScript code using inline code as explained in this guide: For Kibana | current (master) | ReadonlyREST. However, please note that this method also requires a Pro or Enterprise license.