Safari doesn't let the user login into embedded iFrame when shared. #10176

Closed
bhavyarm opened this issue Feb 3, 2017 · 16 comments

@bhavyarm
Contributor

bhavyarm commented Feb 3, 2017

Kibana version: 5.2.0 (same bug in 5.1.2)

Elasticsearch version: 5.2.0

Server OS version: darwin_x_86_64

Browser version: Safari latest

Browser OS version: OS X

Original install method (e.g. download page, yum, from source, etc.): download page

Description of the problem including expected versus actual behavior: If you embed an iFrame into a validated HTML file and open it in Safari (for sharing a visualization or a dashboard) and the user has never logged in, Kibana doesn't let the user log in. This doesn't happen in Chrome or Firefox.

Steps to reproduce:

  1. Create a test.html with an embedded iframe for either a visualization or dashboard
  2. Make sure the user is not logged into Kibana in your Safari browser
  3. Open the test.html and try to log in - you can't log in.

Errors in browser console (if relevant):
You see "Unexpected CSS token:" as a warning. So, probably not really relevant.

safari_iframe

@bhavyarm bhavyarm added :Sharing bug Fixes for quality problems that affect the customer experience labels Feb 3, 2017
@marius-dr
Member

Works fine on IE.

@kobelb
Contributor

kobelb commented Feb 10, 2017

@bhavyarm - would you mind trying this again, but making sure that you cleared your cookies in Safari? We've seen the infinite login loop as described in https://github.com/elastic/x-pack/issues/4496 outside of an iFrame and I'd like to make sure it's not the same underlying issue.

@bhavyarm
Contributor Author

@kobelb sorry. I just saw this comment. So yes. I cleared my cookies and Safari still doesn't let the user log in. Thanks!

@tbragin tbragin added the P2 label Feb 14, 2017
@tbragin tbragin assigned stacey-gammon and unassigned kobelb Feb 14, 2017
@egarl004

egarl004 commented Aug 5, 2017

Is this issue still being tracked somewhere? It is still an issue with Safari for me.

@samphibian

@stacey-gammon @kobelb also having this issue - anywhere we can check on it?

@stacey-gammon
Contributor

@samphibian - the trouble is that we haven't been able to reproduce this issue.

Are you also using version 5.2?

What if you bypass the iframe in Safari and visit the URL directly, does login work in that case?

Does it work if you try it in Chrome?

Are you using Kibana behind a proxy or firewall?

@stacey-gammon stacey-gammon reopened this Aug 14, 2017
@samphibian

@stacey-gammon I am using version 5.5.0. It does not work either via the iframe or if I visit the URL directly in Safari, Chrome, or Opera. If I use the iframe, I get a message on the page saying session expired, but when I try logging in directly, I just get a message saying oops! error. try again. Kibana is behind a firewall, but the necessary ports are open and it is accessible using Firefox.

It might be a slightly different issue that just looks similar since I do get some errors in the console when using the 3 browsers I mentioned above (just not with Firefox). I can open up a new bug with all the details if that would be better.

@egarl004 said that they're also experiencing this issue

@samphibian

@stacey-gammon Just checking in to see if there are any updates?

@stacey-gammon
Contributor

stacey-gammon commented Aug 23, 2017

Hi @samphibian, sorry for the delay. I think you did the right thing in opening a new ticket, since it seems your issue really has nothing specific to do with iframes, nor Safari.

@egarl004 - are you still running into this issue, and if so, is it just an issue when there is an iframe, or is there a login problem all the time?

I'm going to go ahead and close this back up, let's continue the discussion in the new ticket you opened. I'll try and take a deeper look today to see if I have any ideas as to what is going on.

@egarl004 - I'll reopen this one if your issue is specific to iframes/Safari. If it looks more like @samphibian's issue, let's also follow up on that separate ticket.

@Shifter2600

I have this same issue on iOS devices.
I can't change CORS since I use Elastic Cloud and the official Kibana Docker hosted in AWS. Is there a solution for me? I'm on 5.6.1.

@stacey-gammon
Contributor

@Shifter2600 - are you trying to log in via an iframe? or directly? If via an iframe, can you try to log in directly and see if that works? Then we can narrow down whether the problem is with the iframe or just with the login code.

@SeanHansell

Login directly works. Still can't log in to the iframe. iframe is how we present Kibana to clients. Need to have this fixed!

@kobelb
Contributor

kobelb commented Jan 24, 2018

@SeanHansell we've been unable to replicate this issue to be able to determine the appropriate fix. Would you mind trying to log in via the iFrame with another browser besides Safari to see if it works for you?

@uwrob

uwrob commented Apr 11, 2018

Still does not work. It makes sharing dashboards/visualization unusable... very easy to replicate

If a user is already logged in on Safari, the user can view the embedded iframe. If a user is not already logged in and tries to view the embedded iframe, the user is prompted to log in and is unable to. The user gets redirected back to the login page with no error message.

@ngriaznov

ngriaznov commented Feb 14, 2019

Yes, we are still having the same issue in Kibana 6.6.0. Login using POST "/api/security/v1/login" does not work in iOS/OSX Safari, meaning that the iFrame is not authorized after this call, and this works in the majority of browsers.

@irnc

irnc commented Nov 1, 2019

The issue is still reproducible in Safari 13.0.3 because Safari doesn't accept a cookie set inside an iframe, thus consecutive requests are redirected to login again.

Safari by default discards cookies set in an iframe unless the host that's serving the iframe has set a cookie before, outside the iframe. Safari is the only browser that does this.

This is stated in https://gist.github.com/iansltx/18caf551baaa60b79206 with a possible workaround which is not applicable to Kibana.

@stacey-gammon @kobelb Could we consider reopening this issue?
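
The behaviour described in the comment above, as an added example that is not part of the original thread or of Kibana's code: a simplified model of a cookie jar applying the quoted rule, run against a stand-in login server. The host name, cookie name, token and `/dashboard` path are constructed; only the login endpoint path comes from the thread.

```javascript
// Added illustration: a simplified model of the cookie rule quoted above.
// It is not Safari's or Kibana's code; HOST, cookie and page path are constructed.
const HOST = 'kibana.example';

class CookieJar {
  constructor() { this.byHost = new Map(); } // host -> Map(name -> value)
  get(host, name) {
    const cookies = this.byHost.get(host);
    return cookies ? cookies.get(name) : undefined;
  }
  // inIframe: the response arrived in a frame embedded by a different site.
  // Rule from the thread: such a cookie is kept only if the host already
  // set a cookie outside an iframe.
  store(host, name, value, inIframe) {
    if (inIframe && !this.byHost.has(host)) return false; // discarded
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    this.byHost.get(host).set(name, value);
    return true;
  }
}

// Stand-in for a session-cookie login server (behaviour assumed, minimal).
function server(req) {
  if (req.method === 'POST' && req.path === '/api/security/v1/login')
    return { status: 200, setCookie: ['sid', 'constructed-session-token'] };
  if (req.cookie === 'constructed-session-token') return { status: 200 };
  return { status: 302, location: '/login' }; // no session: back to login
}

// Log in, then load the embedded page; returns the outcome and a trace.
function loginThenLoad(jar, inIframe) {
  const trace = [];
  const send = (method, path) => {
    const res = server({ method, path, cookie: jar.get(HOST, 'sid') });
    let note = `${method} ${path} -> ${res.status}`;
    if (res.location) note += ` ${res.location}`;
    if (res.setCookie) {
      const kept = jar.store(HOST, res.setCookie[0], res.setCookie[1], inIframe);
      note += kept ? ' (cookie stored)' : ' (cookie discarded)';
    }
    trace.push(note);
    return res;
  };
  send('POST', '/api/security/v1/login');
  const page = send('GET', '/dashboard');
  return { loggedIn: page.status === 200, trace };
}
```

With a fresh jar and `inIframe` set to true, `loginThenLoad` returns `loggedIn: false` and the second request is redirected to `/login`; after a prior `store` for the same host outside an iframe, or with `inIframe` set to false, it returns `loggedIn: true`.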

hop-dev added a commit that referenced this issue Sep 5, 2024
## Summary

closes [#10176](elastic/security-team#10176)

I've been looking into a few of our flaky tests and come up with a
couple of actions, I will comment on them individually.

Co-authored-by: Elastic Machine <[email protected]>