`status.allowAnonymous: true` doesn't allow access to /status

[elasticmachine]

Original comment by @cjcenizal:

If you set status.allowAnonymous: true in kibana.yml, you should be able to access the status page at {basepath?}/status.

Instead, you see the status page for an instant, and then get booted back to the login screen with the message that your session has expired.

When the status page loads, it looks like the culprit is likely a request that gets sent to /me which gets a 401 response.

[elasticmachine]

Original comment by @ycombinator:

I'm seeing a slightly different behavior (but this bug still stands). When I set status.allowAnonymous: true and try to visit the status page, I get the browser's native basic auth dialog. Of course, entering valid credentials in there logs me in to Kibana, as if I had entered them on the login page.

!LINK REDACTED

[elasticmachine]

Original comment by @mellieA:

I have a customer reporting this issue on 5.0, can you confirm if it is fixed in 5.1.1 or is still pending for a future release?

[elasticmachine]

Original comment by @ycombinator:

@mellieA Its not fixed in 5.1.1 so yeah, still pending for a future release.

[elasticmachine]

Original comment by @epixa:

No activity on this since 5.1, I wonder if this has been fixed.

[bhchew]

I confirmed even for 6.4.1 this is still not fixed

[epixa]

@elastic/kibana-platform

[epixa]

Actually, I guess this is probably a security team thing.

[epixa]

@elastic/kibana-security