Part of #141780
## Release notes
Include Cross-Origin-Opener-Policy in default response headers
## Testing
Load Kibana; you should see Kibana respond with
`Cross-Origin-Opener-Policy: same-origin` header for page loads and API
requests.
The current example contains invalid characters and does not work. Furthermore, it incorrectly points towards the Elasticsearch API instead of the Kibana API. Both are addressed in this change.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Use brotli compression
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* Add integration test for brotli support
* Use import instead of require()
* Suppress build error on importing brok
* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
* add brok as explicit package dep
* add `server.compression.brotli` config settings
* update documentation
* fix test utils
* fix more test configs
* add tests for endpoints too
* remove against endpoint for now
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: pgayvallet <pierre.gayvallet@elastic.co>
This removes indication that the `server.publicBaseUrl` setting is supported on Elasticsearch Service. While the setting is technically available in ESS it's not configurable and it's best not documented.
Adds a new experimental Kibana setting called `csp.disableUnsafeEval` which will default to `false`. When set to `true`, it will remove `unsafe-eval` from our CSP.
Also introduces a new module called `@kbn/handlebars` which is a replacement for the official `handlebars` module used in the frontend. This new module is necessary in order to avoid calling `eval`/`new Function` from within `handlebars` which is not allowed once `unsafe-eval` is removed from our CSP.
The `@kbn/handlebars` module is simply an extension of the main `handlebars` module which adds a new compile function called `compileAST` (as an alternative to the regular `compile` function). This new function will not use code-generation from strings to compile the template but will instead generate an AST and return a render function with the same API as the function returned by the regular `compile` function.
This method is a little bit slower, but since this is only meant to be used client-side, the slowdown should not be an issue.
The following limitations exist when using `@kbn/handlebars`:
The Inline partials handlebars template feature is not supported.
Only the following compile options will be supported:
- `knownHelpers`
- `knownHelpersOnly`
- `strict`
- `assumeObjects`
- `noEscape`
- `data`
Only the following runtime options will be supported:
- `helpers`
- `blockParams`
- `data`
Closes #36311
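The difference between compiling a template by code generation from a string and compiling it by walking an AST, as an added example that is not part of the commit or of `@kbn/handlebars`. The tiny `{{name}}` engine and the names `compileByCodegen`, `compileByAst` and `tryRender` are hypothetical; Node's `vm` option `codeGeneration.strings: false` stands in for a browser CSP without `unsafe-eval`.

```javascript
// Added example: compileByCodegen / compileByAst are hypothetical names,
// not the @kbn/handlebars API.
const vm = require('vm');

// Tiny {{name}}-only template engine, wrapped in one function so its source
// can be instantiated inside a V8 context of our choosing.
function engine() {
  const esc = (v) => String(v).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
  // Parse into an AST: [{type:'text', value}, {type:'var', name}, ...]
  function parse(tpl) {
    const ast = [];
    const re = /\{\{\s*(\w+)\s*\}\}/g;
    let last = 0, m;
    while ((m = re.exec(tpl)) !== null) {
      if (m.index > last) ast.push({ type: 'text', value: tpl.slice(last, m.index) });
      ast.push({ type: 'var', name: m[1] });
      last = re.lastIndex;
    }
    if (last < tpl.length) ast.push({ type: 'text', value: tpl.slice(last) });
    return ast;
  }
  // Code generation from a string: this path needs 'unsafe-eval' under CSP.
  function compileByCodegen(tpl) {
    const body = parse(tpl)
      .map((n) => (n.type === 'text' ? JSON.stringify(n.value) : `esc(ctx[${JSON.stringify(n.name)}])`))
      .join(' + ');
    return new Function('esc', 'ctx', `return ${body || '""'};`).bind(null, esc);
  }
  // AST interpretation: same render-function API, no eval / new Function.
  function compileByAst(tpl) {
    const ast = parse(tpl);
    return (ctx) => ast.map((n) => (n.type === 'text' ? n.value : esc(ctx[n.name]))).join('');
  }
  return { compileByCodegen, compileByAst };
}

// Instantiate the engine in a fresh context and render a constructed sample.
// allowEval=false mimics a page whose CSP has dropped 'unsafe-eval'.
function tryRender(mode, allowEval) {
  const sandbox = vm.createContext({}, { codeGeneration: { strings: allowEval, wasm: false } });
  const lib = vm.runInContext(`(${engine.toString()})()`, sandbox);
  try {
    return lib[mode]('<b>Hello {{user}}</b>')({ user: '<script>' });
  } catch (err) {
    return `blocked: ${err.name}`;
  }
}
```

With string code generation disabled, only the AST path still renders; both paths produce the same escaped output when it is allowed.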
* Descriptive logs with docLinks for cluster shard limit exceeded
* Integration test for isClusterShardLimitExceeded
* Fix jest test snapshots
* Apply suggestions from code review
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* PR feedback
* PR feedback
* Unit tests for isClusterShardLimitExceeded
* Use constants for repeated strings
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
* Add reproducing test case
* Fix and add integration test
* Transient settings should take preference
* Rename unsupported_cluster_routing_allocation error to incompatible_cluster_routing_allocation
* Retry INIT when action fails with [incompatible_cluster_routing_allocation]
* Apply suggestions from code review
Co-authored-by: Christiane (Tina) Heiligers <christiane.heiligers@elastic.co>
* Fix archive with trial licence and re-enable skipped test
* Integration test for incompatible cluster routing allocation
* Fix types after renaming UnsupportedClusterRoutingAllocation
* Attempt to fix open handle tests
Co-authored-by: Christiane (Tina) Heiligers <christiane.heiligers@elastic.co>
The `server.uuid` setting MUST be a valid UUIDv4.
Also, the setting was added in the middle of other SSL settings and it was misleading (due to a banner related to SSL settings).
* reapply docs and doclink changes
* Updates wait_for_index_yellow_status response type on response timeout, updates create_index action and model to account for the changes
* Refactors clone_index action to account for new return type of waitForIndexYellow, updates model
* Updates README
* Updates snapshot
* Updates docs
* Fix import violations
* imports
* Extends the retry log message with an actionable item linking to the docs on every retryable migration action
* Refactor retry_state and model to allow linking to specific subsections in the docs
* Updates resolving saved objects migration failures docs
* Calls waitForIndexStatusYellow directly in actions integration tests
* Deletes comment
* Update src/core/server/saved_objects/migrations/model/retry_state.test.ts
Co-authored-by: Rudolf Meijering <skaapgif@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Rudolf Meijering <skaapgif@gmail.com>