I’m trying to debug a problem and I may need a hint to where to look to find a fix.
We are accessing Kibana through Cloudflare → LB → Kibana (one instance), this setup is working perfectly with the current 7.8 cluster.
However I’m now testing 1.48+8.7.1, and with the exact same setup as before I cannot log and get a CSFR error (credential are correct). If I access Kibana directly through an SSH tunnel it works and I can login.
Having a look at what is going on with the Chrome inspector, the only thing I see is that when I’m going through Cloudflare, the call providing the script login_tpl_defer.js is not setting any Cookie in the Kibana answer, where on a direct access I can see a __Host-ror.x-csrf-token cookie set.
On the network side their are telling me that they are not doing anything with the cookies.
Any idea who can cause this issue?