Canvas hangs when user tries to edit image

[rayafratkina]

Kibana version: 6.7

**Elasticsearch version: 6.7 **

Server OS version: cloud

Browser version: Chrome

Browser OS version: Windows

Original install method (e.g. download page, yum, from source, etc.):
Cloud instance from 6.7 BC

Steps to reproduce:

1. Add image to the workpad
2. Set it to pull from a URL
3. Change it to use a specific asset
4. Click on the link tab again and try to edit the URL
   -> browser hangs

Screenshots (if relevant):

Errors in browser console (if relevant):
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-SHHSeLc0bp6xt4BoVVyUy+3IbVqp3ujLaR+s+kSP5UI='), or a nonce ('nonce-...') is required to enable inline execution.

:9243/s/rayas-playground/bundles/app/canvas/bootstrap.js:10 ^ A single error about an inline script not firing due to content security policy is expected!
(unknown) WebExtension::executeScript: content script injected

[elasticmachine]

Pinging @elastic/kibana-canvas

[rayafratkina]

Image I am using is

[bellatrix1001]

Having the same issue without Canvas - as soon as Kibana loads. Using Nginx for a proxy and Chrome 73.

[Parthasarathi7722]

Having the same issue since this morning, below is the error.

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-qGH+wfBcFFcPB46F'". Either the 'unsafe-inline' keyword, a hash ('sha256-SHHSeLc0bp6xt4BoVVyUy+3IbVqp3ujLaR+s+kSP5UI='), or a nonce ('nonce-...') is required to enable inline execution.

any solution ???

[Susmit07]

Is it solved, I am facing the same issue, and its a production issue. Please hep out

[EssamEid614]

i have had this isse with kibana trying to load maps and i faced the same csp warning , adding the csp rules in kibana.yml file fixed it for me
csp.rules:

• "script-src 'self' https://.bing.com https://.virtualearth.net 'unsafe-eval' 'unsafe-inline'"

consider *.bing.com and *.virtualearth.net as the website u are loading the resource from

but this is on kibana 7.1.1 not 6

[Susmit07]

@EssamEid614 : so what does the final kibana.yml file looks like?
I got the same issue while I was trying to access the Kibana dashboard from outside the VM, the elastic search instance was running.

The kibana dashboard itself was not loading up

[vrajroutu]

I have a similar error too.

[rayafratkina]

Please note that a single unsafe-eval error on load is not a bug: see #30468 for discussion

[dipjyotighosh]

@EssamEid614 : so what does the final kibana.yml file looks like?
I got the same issue while I was trying to access the Kibana dashboard from outside the VM, the elastic search instance was running.

The kibana dashboard itself was not loading up

Hi, was the issue resolved for you?
Can you please specify what needs to be added if the kibana.yml reads like this?

Default Kibana configuration for docker target

server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
~
~
"kibana.yml" [noeol] 9L, 240C

[clintandrewhall]

From #109767:

The reason this bug exists is because there is a bug where, if you use an asset, the link field is populated with the asset url. The larger the asset, the longer the URL you have to delete in order to replace it. On older machines, this would like cause the browser to freeze.