Kibana有启用严格的安全要求,您当前的浏览器不符合要求。

huangapple go评论125阅读模式
英文:

Kibana has strict security requirements enabled that your current browser does not meet

问题

我想编写自动化测试来测试Kibana UI中是否存在日志,并且我在使用Java发送HTTP请求到Kibana时遇到了问题。从浏览器中一切正常,但当我使用Jsoup库发送HTTP请求时(使用curl也会出现同样的问题),Kibana会显示以下消息:

请升级您的浏览器 此Elastic安装启用了严格的安全要求,您当前的浏览器不符合要求。

看起来Kibana正在执行一些有漏洞的JavaScript代码,如果它被正确执行,它将停止加载Kibana UI。

<script>
    // 由于这是一个不安全的内联脚本,因此在支持内容安全策略(CSP)的浏览器中不会运行此代码。这是有意的,因为我们在启动时检查__kbnCspNotEnforced__的存在。
    window.__kbnCspNotEnforced__ = true;
</script>
<script src="/bundles/app/kibana/bootstrap.js"></script>

您有没有任何办法可以从代码中解决这个问题?我认为可以从kibana.yaml中禁用这个安全功能,但我不想仅仅为了测试而禁用它。

英文:

I want to write automatic test which tests if there are logs in the kibana UI and I have a problem with sending a http request using java to kibana. From the browser everything is working fine but when I send HTTP request from Jsoup library (the same happens also with curl) the kibana shows me the following:

Please upgrade your browser This Elastic installation has strict
security requirements enabled that your current browser does not meet.

It looks like the kibana is executing some vulnerable js and if it is executed correctly it stops loading the kibana UI.

  &lt;script&gt;
            // Since this is an unsafe inline script, this code will not run
            // in browsers that support content security policy(CSP). This is
            // intentional as we check for the existence of __kbnCspNotEnforced__ in
            // bootstrap.
            window.__kbnCspNotEnforced__ = true;
          &lt;/script&gt;
  &lt;script src=&quot;/bundles/app/kibana/bootstrap.js&quot;&gt;&lt;/script&gt; 

Do you have any idea how to work around that from the code? I think that this security feature can be disabled from the kibana.yaml but I don't want to disable it just for the test.

答案1

得分: 0

我放弃了这样的自动测试,但我想在这里提供一个可能的解决方案(我没有测试过,但应该可以工作)。

您可以使用无头Chrome浏览器。它运行一个没有UI的Chrome浏览器,可以与Selenium库使用的Chrome驱动程序一起使用。
更多信息:https://www.scrapingbee.com/blog/introduction-to-chrome-headless/

英文:

I gave up with such automatic test but I want to answer here one possible solution (I did not test it but it should work).

You can use Headless Chrome browser. It is running a chrome browser without UI which can be used with a chrome driver using selenium library.
More info: https://www.scrapingbee.com/blog/introduction-to-chrome-headless/

答案2

得分: 0

我在尝试使用 Chrome [版本:111.0.5563.64(官方版本)(64 位)] 访问时遇到了这个错误。
然后我切换到 Edge [版本:110.0.1587.63(官方版本)(64 位)],它正常工作。

英文:

I had this error when trying to access it on chrome [Version:111.0.5563.64 (Official Build) (64-bit)].
Then I switched to Edge [Version:110.0.1587.63 (Official build) (64-bit)] and it worked fine.

huangapple
  • 本文由 发表于 2020年9月15日 16:18:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/63897826.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定