Kibana version: 7.6.0
Elasticsearch version: 7.6.0
Browser version: Firefox
Original install method (e.g. download page, yum, from source, etc.): BC2
Describe the bug:
When generating a PNG/PDF report on a dashboard, the following error shows up in the Kibana logs:
PNG:
log [12:47:45.097] [error][PNG][browser-driver][execute][headless-browser-console]
[k5wg5y4h04t11d4cb7fl9e4s][reporting] Refused to execute inline script because it violates the
following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline'
keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce
('nonce-...') is required to enable inline execution.
PDF:
log [12:54:17.732] [error][browser-driver][execute][headless-browser-console]
[k5wgecud0dsi1d4cb74eypq9][printable_pdf][reporting] Refused to execute inline script because it
violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the
'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a
nonce ('nonce-...') is required to enable inline execution.
Steps to reproduce:
There doesn't seem to be any problem caused to the display of the dashboard or the generation of the report. The same thing happens if you try to generate a report on a visualization so it doesn't seem to be tied to dashboards.
Tested with the tar.gz package on Ubuntu 18.
Pinging @elastic/kibana-reporting-services (Team:Reporting Services)
As far as I know, this is expected behavior. I'm not sure why it continues to happen but I think I first noticed these logs along with the CSP implementation.
This message is also seen in the console of an interactive browser for every Kibana page:

In the logs of a screenshot operation, error messages printed to the browser console are always carried through to the Kibana server logs.
The followup log, "^ A single error about an inline script not firing due to content security policy is expected!", does not show in the logs because it is low-level. Verbose logging would need to be enabled to see that followup message.
cc @epixa @elastic/kibana-security
As far as I know, this is expected behavior. I'm not sure why it continues to happen but I think I first noticed these logs along with the CSP implementation.
Yes, this is currently expected behavior, we do have an issue open to improve it though: #30468
This issue can be closed as it's essentially a duplicate of the other one.
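As an added illustration (not part of the original thread and not Kibana's code), this simplified model shows why the policy quoted in the log lines refuses an inline script, and how a hash source like the one the message suggests would permit it. The sample script text and all function names are assumptions made for the example.

```javascript
// Added example: simplified model of how a browser decides whether an inline
// <script> may run under a CSP script-src source list.
const crypto = require('node:crypto');

// CSP hash source for an inline script: base64 of the digest of its exact text.
function cspHash(scriptText, algo = 'sha256') {
  const digest = crypto.createHash(algo).update(scriptText, 'utf8').digest('base64');
  return `'${algo}-${digest}'`;
}

// Extract the source expressions of one directive from a policy string.
function sourceList(policy, directive) {
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === directive) return sources;
  }
  return null; // directive absent
}

// Returns { allowed, reason } for an inline script with an optional nonce attribute.
function inlineScriptAllowed(policy, scriptText, nonce = null) {
  const sources = sourceList(policy, 'script-src') ?? sourceList(policy, 'default-src');
  if (sources === null) return { allowed: true, reason: 'no script-src or default-src' };
  const hashes = sources.filter((s) => /^'sha(256|384|512)-/.test(s));
  const nonces = sources.filter((s) => /^'nonce-/.test(s));
  if (nonce && nonces.includes(`'nonce-${nonce}'`)) return { allowed: true, reason: 'nonce match' };
  for (const algo of ['sha256', 'sha384', 'sha512']) {
    if (hashes.includes(cspHash(scriptText, algo))) return { allowed: true, reason: 'hash match' };
  }
  // A hash or nonce in the list makes the browser ignore 'unsafe-inline'.
  if (sources.includes("'unsafe-inline'") && hashes.length === 0 && nonces.length === 0) {
    return { allowed: true, reason: "'unsafe-inline'" };
  }
  return { allowed: false, reason: 'no matching keyword, hash or nonce' };
}

// Policy string taken from the log lines above; the script body is constructed.
const KIBANA_POLICY = "script-src 'unsafe-eval' 'self'";
const SAMPLE_INLINE = 'window.__constructedExample = true;';

console.log(inlineScriptAllowed(KIBANA_POLICY, SAMPLE_INLINE));
console.log(inlineScriptAllowed(`${KIBANA_POLICY} ${cspHash(SAMPLE_INLINE)}`, SAMPLE_INLINE));
```

Because the hash covers the exact script text, any change to the inline script, including whitespace, produces a different hash and the script is refused again.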
Hi all!
I bumped into the same issue recently when I upgraded to version 7.7.0. I inspected the server logs and found out that new JS & CSS assets are not being loaded in the browser. Instead, cached versions are being used. In our setup we have a proxy server in front of the Kibana app that performs caching for static content files. The issue itself comes from the fact that JS & CSS assets do not have an md5 checksum attached to the end of the filename. When you upgrade the Kibana version it will still load previous asset versions, leading to different errors in the browser console. In order to fix it, just clear the proxy server cache & browser cache.
Here is an example of an asset that does not have an md5 checksum attached to the filename:
built_assets/dlls/vendors_runtime.bundle.dll.js
One would expect to have something like: built_assets/dlls/vendors_runtime.bundle.$MD5$.dll.js
I have the same errors in the console.
Kibana hangs on loading and after a while an error appears on the screen which says Kibana not loaded correctly, please check your server logs. I have removed all the cache but the error still exists.
Hi @EhsanSarshar, I suspect the problem you are running into is unrelated to the CSP console log mentioned in this issue. To reiterate, this message is expected and is not indicative of a problem with Kibana.
If you don't have a specific bug to report and you're looking for assistance getting Kibana up and running, feel free to create a topic on our forum at discuss.elastic.co.
@jportner thanks for your response. I just faced the same issue as posted by @marius-dr. Those errors also exist in the console. Kibana is working correctly on other machines, but when I run it on my machine it hangs for a while and then an error message appears on the screen.