我在Web应用程序中粘贴了Kibana仪表板的iframe代码,效果很好。我正在尝试跳过登录屏幕。
由于我已经在内存中存储了用户的凭据,因此在加载嵌入式可视化文件之前,我想到了对/api/v1/auth/login的AJAX调用,应该设置适当的cookie并跳过登录屏幕。
问题是,如果Kibana具有kbn-version标头,它将仅接受请求。但是,如果我向AJAX请求添加kbn-version标头,则飞行前OPTIONS请求失败,并显示以下内容:
“ CORS错误:不允许某些标头”
我尝试将kbn-version添加到某些Hapi配置设置中,例如server.cors.additionalHeaders,server.cors.headers,server.cors.exposedHeaders和server.cors.additionalExposedHeaders,但它们似乎都不起作用
这是我的custom-kibana.yml文件:
$ cat custom-kibana.yml
---
# Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
server.cors : true
server.cors.origin: ['*']
server.cors.additionalHeaders: ['kbn-xsrf', 'kbn-version']
server.cors.headers: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.exposedHeaders: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.additionalExposedHeaders: ['kbn-xsrf', 'kbn-version']
# server.ssl.enabled: true
# server.ssl.key: kibana.pem
# server.ssl.certificate: kibana-key.pem
elasticsearch.url: https://localhost:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: <pw>
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
如何通过解决遇到的问题或以其他任何方式跳过登录屏幕。