Searchguard cookie samesite

I’m having a problem opening the kibana with searchguard in an iframe in my application. This only happens with the new version of chrome. https://www.chromestatus.com/feature/5088147346030592

Error: A cookie associated with a cross-site resource at http://192.168.1.9/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Is it possible to solve the problem without updating the searchguard?

Do you say your setup worked before Chrome v80.0.3987.149?

In order to reproduce your issue, we need more info:

  1. Kbana config, kibana.yml
  2. Searchguard config, sg_config.yml
  3. Kibana logs if you have any errors there. Make sure you have the following options in kibana.yml
logging.silent: false
logging.quiet: false
  1. Elasticsearch logs if you have any errors there.

Yes. In all other browsers it works normally.
The problem is not with any elastic/ kibana/searchguard configuration.

Is it possible to change the value of the samesite as the searchguard plugin?
image

If in chrome disable ‘samesite by deafult cookies’ it works normally.
image

What authentication type did you configure in SearchGuard?

HTTP basic authentication with anonymous mode

I found this at kibana github:

1 Like

Thank you. We will look into it.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Will be fixed in the next version of the Kibana plugin.

1 Like