Your window into the Elastic Stack
Elena Shostak 8a26cf6f94
[CSP] Added object-src to Content-Security-Policy-Report-Only header (#209306)
## Summary

Added support for `object_src` directive in reporting mode.

## How to test

- Add in your `kibana.dev.yml`.
```
server.customResponseHeaders.Reporting-Endpoints: violations-endpoint="https://localhost:5601/kibana/internal/security/analytics/_record_violations"
csp.report_to: [violations-endpoint]
```
- Make sure you have [dev tools configured for Reporting
API](https://developer.chrome.com/docs/capabilities/web-apis/reporting-api#use_devtools).
- Add `<embed src="https://not-example.com/flash"/>` anywhere in the
page body in
`src/platform/plugins/shared/home/public/application/components/home.tsx`
and go to Home page
- Open Dev Tools -> Console
You should be able to see the violation
<img width="1023" alt="Screenshot 2025-02-03 at 14 30 03"
src="https://github.com/user-attachments/assets/b2e5f957-4403-4b2b-a3dd-c0109fff6306"
/>


> [!NOTE]
> Hopefully, you should be able to see the violation in the Dev Tools ->
Application -> Reporting, but it's sometimes hard to catch. My recent
Chrome `132.0.6834.160` shows only CSP reports with disposition
`enforce`, not `report`.

### Checklist

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Release Notes

Added `object_src` directive to `Content-Security-Policy-Report-Only`
header.

__Closes: https://github.com/elastic/kibana/issues/208590__

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-02-05 15:18:06 +01:00
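
The violation produced by the `<embed>` test in the commit message arrives at the reporting endpoint as a Reporting API batch. The following is an added example, not Kibana's code: it triages such a batch for `object-src` violations with disposition `report`. The function names and the sample payload (including its `originalPolicy` string) are constructed for illustration.

```javascript
// Constructed sample of an application/reports+json batch, as a browser
// would POST it to a report-to endpoint. All values are made up.
const sampleBatch = JSON.stringify([
  {
    type: 'csp-violation',
    age: 12,
    url: 'https://localhost:5601/kibana/app/home',
    user_agent: 'constructed-sample-agent',
    body: {
      documentURL: 'https://localhost:5601/kibana/app/home',
      blockedURL: 'https://not-example.com/flash',
      effectiveDirective: 'object-src',
      disposition: 'report', // from the Report-Only header
      originalPolicy: "object-src 'none'; report-to violations-endpoint",
      statusCode: 200,
    },
  },
  {
    type: 'csp-violation',
    body: { blockedURL: 'inline', effectiveDirective: 'script-src', disposition: 'enforce' },
  },
  { type: 'deprecation', body: { id: 'constructed-id' } },
]);

// blockedURL may be a keyword such as "inline" or "eval" instead of a URL.
function safeOrigin(value) {
  try {
    return new URL(value).origin;
  } catch {
    return String(value);
  }
}

// Return only report-only object-src violations, reduced to the fields
// an analyst needs; malformed or non-array input yields an empty list.
function objectSrcReportOnlyViolations(rawBody) {
  let reports;
  try {
    reports = JSON.parse(rawBody);
  } catch {
    return [];
  }
  if (!Array.isArray(reports)) return [];
  return reports
    .filter((r) => r && r.type === 'csp-violation' && r.body && typeof r.body === 'object')
    .filter((r) => r.body.effectiveDirective === 'object-src' && r.body.disposition === 'report')
    .map((r) => ({ document: r.body.documentURL, blockedOrigin: safeOrigin(r.body.blockedURL) }));
}
```
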

Kibana

Kibana is your window into the Elastic Stack. Specifically, it's a browser-based analytics and search dashboard for Elasticsearch.

Getting Started

If you just want to try Kibana out, check out the Elastic Stack Getting Started Page to give it a whirl.

If you're interested in diving a bit deeper and getting a taste of Kibana's capabilities, head over to the Kibana Getting Started Page.

Using a Kibana Release

If you want to use a Kibana release in production, give it a test run, or just play around:

Building and Running Kibana, and/or Contributing Code

You might want to build Kibana locally to contribute some code, test out the latest features, or try out an open PR:

Documentation

Visit Elastic.co for the full Kibana documentation.

For information about building the documentation, see the README in elastic/docs.

Version Compatibility with Elasticsearch

Ideally, you should be running Elasticsearch and Kibana with matching version numbers. If your Elasticsearch has an older version number or a newer major number than Kibana, then Kibana will fail to run. If Elasticsearch has a newer minor or patch number than Kibana, then the Kibana Server will log a warning.

Note: The version numbers below are only examples, meant to illustrate the relationships between different types of version numbers.

| Situation | Example Kibana version | Example ES version | Outcome |
| --- | --- | --- | --- |
| Versions are the same. | 7.15.1 | 7.15.1 | 💚 OK |
| ES patch number is newer. | 7.15.0 | 7.15.1 | ⚠️ Logged warning |
| ES minor number is newer. | 7.14.2 | 7.15.0 | ⚠️ Logged warning |
| ES major number is newer. | 7.15.1 | 8.0.0 | 🚫 Fatal error |
| ES patch number is older. | 7.15.1 | 7.15.0 | ⚠️ Logged warning |
| ES minor number is older. | 7.15.1 | 7.14.2 | 🚫 Fatal error |
| ES major number is older. | 8.0.0 | 7.15.1 | 🚫 Fatal error |

Questions? Problems? Suggestions?

  • If you've found a bug or want to request a feature, please create a GitHub Issue. Please check to make sure someone else hasn't already created an issue for the same topic.
  • Need help using Kibana? Ask away on our Kibana Discuss Forum and a fellow community member or Elastic engineer will be glad to help you out.