Inhibit nextUrl

Hi All,

not sure this is the right palce for asking this.

I’m using Elastic stack using Kibana and reaonlyrest.

I need to disable or inihitbit the query string nextUrl param, in order to avoid redirect to another page, because representing a possible security issue.
Is that possible?

I’m using

but I tried also

and it does not look like solving the issue.

Thank you.

There is no way to disable nextUrl explicitly from the configuration, however, we offer customization of the Login page by injecting CSS/JS code or file. Thanks to it, you can remove the nextUrl query string parameter on the login page open.

  1. In kibana.yml define the path to your custom js file readonlyrest_kbn.login_custom_js_inject_file: '/usr/share/kibana/custom_login.js'
  2. Define a function to remove the query string param
function removeQueryParam(paramToRemove) {
  const url = new URL(window.location.href);
  const searchParams = url.searchParams;
  window.history.replaceState({}, '', url.toString());

(function init() {

Hi Dawid,

It looks like readonlyrest_kbn.login_custom_js_inject_file is not supported by my installation.

I got

FATAL Error: [config validation of [readonlyrest_kbn].login_custom_js_inject_file]: definition for this key is missing

Thank you for your support.



The login_custom_js_inject_file property was introduced in ROR version 1.45.0. To use this customization feature, you need at least a Pro license.

If you’re using a version before 1.45.0, you could still inject JavaScript code using inline code as explained in this guide: For Kibana | current (master) | ReadonlyREST. However, please note that this method also requires a Pro or Enterprise license.