[HTTP] Fix api/oas dev route (#223487)

## Summary

This fixes the `api/oas` route that was broken due to missing
`security.authz` param.

In #220231 the `security.authz` param is asserted as non-null but when
the route is assigned directly from the `internalSetup.server`, this is
not the case. I believe this is the only such case where this applies.

### Checklist

- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.

---------

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
This commit is contained in:
Nick Partridge 2025-06-17 08:06:27 -05:00 committed by GitHub
parent 2941d04748
commit e84b0abcab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -273,7 +273,7 @@ export class HttpService
version: schema.maybe(schema.string()), version: schema.maybe(schema.string()),
excludePathsMatching: schema.maybe(stringOrStringArraySchema), excludePathsMatching: schema.maybe(stringOrStringArraySchema),
pathStartsWith: schema.maybe(stringOrStringArraySchema), pathStartsWith: schema.maybe(stringOrStringArraySchema),
pluginId: schema.maybe(schema.string()), pluginId: schema.maybe(schema.string()), // i.e. `@kbn/lens-plugin`
}); });
server.route({ server.route({
@ -324,7 +324,15 @@ export class HttpService
); );
}, },
options: { options: {
app: { access: 'public' }, app: {
access: 'public',
security: {
authz: {
enabled: false,
reason: 'Dev only route',
},
},
},
auth: false, auth: false,
cache: { cache: {
privacy: 'public', privacy: 'public',