Most recent Safari version doesn't process shared Kibana dashboards in iframe due to CSP violation #150162
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Embedding
Embedding content via iFrame
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
loe:large
Large Level of Effort
Team:Presentation
Presentation Team for Dashboard, Input Controls, and Canvas
Team:SharedUX
Team label for AppEx-SharedUX (formerly Global Experience)
**Kibana version: 8.5.2
**Elasticsearch version: 8.5.2
**Browser version: Safari 16.3
**Browser OS version: Mac OS 12.6.3, iOS 16.3
**Describe the bug:
The most recent Safari version doesn't process a shared Kibana dashboard in an iframe
Steps to reproduce:
Go to https://www.zora.uzh.ch using Safari 16.3
Dashboard under "Open Access Distribution" isn't displayed. See errors in browser console below.
This dashboard is embedded as an iframe from https://www.kibanapublic.uzh.ch/s/oam/app/dashboards?auth_provider_hint=anonymous1#/view/8f7c8fce-4bb3-574f-84c7-6ae2c7467901?embed=true&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-100y,to:now))&hide-filter-bar=true into www.zora.uzh.ch . The former URL (open iframe in new tab) works.
Expected behavior:
Older Safari browsers, Firefox, Google Chrome do work.
Errors in browser console (if relevant):
Many errors are displayed, but the most relevant is:
"Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy (dashboard.js, line 286)"
The text was updated successfully, but these errors were encountered: