mirror of
https://github.com/elastic/kibana.git
synced 2025-06-27 18:51:07 -04:00
23d39555e0
## Summary Closes https://github.com/elastic/kibana/issues/163678 * Raise the notion of "internal" into `CoreKibanaRequest`. This enables us to share this with lifecycle handlers and control validation of query params * Added new `isInternalRequest` alongside `isSystemRequest` and `isFakeRequest` * Slight simplification to existing internal restriction check * Some other chores and minor fixes ## Test * Start ES with `yarn es serverless` and Kibana with `yarn start --serverless --server.restrictInternalApis=true` * Add the service account token to `kibana.dev.yml`: `elasticsearch.serviceAccountToken: <SAT>` * Send a request to an internal endpoint like: `curl -XPOST -uelastic:changeme http://localhost:5601/<base-path>/api/files/find -H 'kbn-xsrf: foo' -H 'content-type: application/json' -d '{}'` * Should give you a 400 result * message like `{"statusCode":400,"error":"Bad Request","message":"uri [http://localhost:5603/api/files/find] with method [post] exists but is not available with the current configuration"}` * Send the same request, but include the query param: `elasticInternalOrigin=true` * Should give you a 200 result --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| analytics | ||
| application | ||
| apps | ||
| base | ||
| capabilities | ||
| chrome | ||
| config/core-config-server-internal | ||
| custom-branding | ||
| deprecations | ||
| doc-links | ||
| elasticsearch | ||
| environment | ||
| execution-context | ||
| fatal-errors | ||
| http | ||
| i18n | ||
| injected-metadata | ||
| integrations | ||
| lifecycle | ||
| logging | ||
| metrics | ||
| mount-utils | ||
| node | ||
| notifications | ||
| overlays | ||
| plugins | ||
| preboot | ||
| rendering | ||
| root | ||
| saved-objects | ||
| status | ||
| test-helpers | ||
| theme | ||
| ui-settings | ||
| usage-data | ||
| user-settings | ||