XSRF header issue

(fx) #1

I have an issue regarding the installation of the Kibana ROR plugin (version 1.16.11) on an ELK stack 5.5.0.

I installed the elasticsearch plugin and successfully got it to work.
However after the installation of the Kibana plugin, when I enter my credentials into the login page, the following 400 error page is returned on Chrome:
{"statusCode": 400, "error": "Bad Request", "message": "Request must contain a kbn-xsrf header."}

I checked and Chrome does not send this header, only a kbn-version header, and a kbn-name header.

Is there a specific configuration to do with Kibana to set this header?


(Simone Scarduzio) #2

Hi @fximrim,
Are you an enterprise or PRO customer? I don’t find your email in my list. What’s the email you have purchased ROR with? Please send an email to info AT readonlyrest.com and we’ll mark your forum account as PRO/Enterprise.

(fx) #3

It’s a purchase linked to Fred Hosmann's account, so my email will not be linked.

(Simone Scarduzio) #4

Oh nice, sure. I’ll have a look right now.

(fx) #5

OK, thanks.
I believe it’s related to the jQuery import. In fact my workstation does not have Internet access.
However I don’t understand why the other headers are defined.

I’m not able to check the Internet access right now but I will try later.


(Simone Scarduzio) #6

You brought up a good point though, I should make sure it works for air-gapped environments.

(Simone Scarduzio) #7

Reproduced the bug! It’s definitely triggered by the absence of an internet connection, you were right.

(Ld57) #8

Hi @sscarduzio,

I confirm for FX access to our license, it's the 5.x ES edition on our side :)


(Simone Scarduzio) #9

I sent you guys a direct message with the link to the new build

(fx) #10

Thank you, I will not have the ability to test it for a few days.
But I will keep you up-to-date as soon as I’m able to test it.