github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.16] [8.15] [Kibana data view] Fix issue empty user-hash in data view request headers (#197863) (#198235)

Browse source 
# Backport

This will backport the following commits from `main` to `8.16`:
- [[8.15] [Kibana data view] Fix issue empty user-hash in data view
request headers
(#197863)](https://github.com/elastic/kibana/pull/197863)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Mohamed
Abdelgaber","email":"muhamedabdelgaber@gmail.com"},"sourceCommit":{"committedDate":"2024-10-29T23:53:09Z","message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
mabdelgaber.SEC
<mohamed.abdelgaber@orange.com>","sha":"f102ace317700a1841ec77c84c77f76041157746","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","💝community","v9.0.0","Team:DataDiscovery","backport:prev-major"],"title":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers","number":197863,"url":"https://github.com/elastic/kibana/pull/197863","mergeCommit":{"message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
mabdelgaber.SEC
<mohamed.abdelgaber@orange.com>","sha":"f102ace317700a1841ec77c84c77f76041157746"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197863","number":197863,"mergeCommit":{"message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
mabdelgaber.SEC
<mohamed.abdelgaber@orange.com>","sha":"f102ace317700a1841ec77c84c77f76041157746"}}]}]
BACKPORT-->

Co-authored-by: Mohamed Abdelgaber <muhamedabdelgaber@gmail.com>
This commit is contained in:
Kibana Machine 2024-10-30 12:34:39 +11:00 committed by GitHub
parent 45b0eada97
commit 36ec5f3c0b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/plugins/data_views/public/data_views/data_views_api_client.test.ts
View file

@ -30,9 +30,6 @@ describe('IndexPatternsApiClient', () => {
expect(fetchSpy).toHaveBeenCalledWith(expectedPath, {
// not sure what asResponse is but the rest of the results are useful
asResponse: true,
headers: {
'user-hash': '',
},
query: {
allow_hidden: undefined,
allow_no_index: undefined,

3
src/plugins/data_views/public/data_views/data_views_api_client.ts
View file

@ -56,6 +56,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
const userId = await this.getCurrentUserId();
const userHash = userId ? await sha1(userId) : '';
const headers = userHash ? { 'user-hash': userHash } : undefined;
const request = body
? this.http.post<T>(url, { query, body, version, asResponse })
@ -64,7 +65,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
version,
...cacheOptions,
asResponse,
headers: { 'user-hash': userHash },
headers,
});
return request.catch((resp) => {