Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove XSRF Header and usage #12528

Closed
wants to merge 1 commit into from
Closed

Remove XSRF Header and usage #12528

wants to merge 1 commit into from

Conversation

pickypg
Copy link
Member

@pickypg pickypg commented Jun 28, 2017

Removes a prefilter that was applied to any angular $http request to automatically add the kbn-version header unless explicitly told to not do it.

This also removes the same behavior from jQuery AJAX calls via the prefilter in the same file.

These were discovered when working to resolve why Console was adding the header.

Closes #12527

@pickypg
Remove XSRF Header and usage
e2a4deb 
Removes a prefilter that was applied to any angular $http request to
automatically add the kbn-version header unless explicitly told to not do
it.

This also removes the same behavior from jQuery AJAX calls via the
prefilter in the same file.

These were discovered when working to resolve why Console was adding the
header.
@pickypg pickypg requested review from spalger and azasypkin June 28, 2017 00:10
azasypkin
azasypkin reviewed Jun 28, 2017
View reviewed changes
src/core_plugins/console/public/src/es.js
@@ -15,11 +15,11 @@ export function send(method, path, data) {
method = "POST";
}

let contentType;
// even body-less requests will be sent with JSON as the content-type to appease Kibana
let contentType = 'application/json';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like there is an open PR that trying to fix the same thing as well: #12294.

Sorry for wasting your time @pickypg :( but yesterday we decided to rollback "content-type as xsrf token" PR for 6.0 so that we can have more time to decide how to be fully compliant with ES and to not release half-baked solution for such important thing.

I still think it will be good to change our code to always pass correct content-type though, but at this point we can't get rid of old xsrf approach. What are your thoughts @epixa ?

@spalger
Copy link
Contributor

spalger commented Jun 28, 2017

As far as I can tell this is superseded by #12547

@spalger spalger closed this Jun 28, 2017
@pickypg pickypg deleted the feature/remove-xsrf-header branch June 29, 2017 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azasypkin azasypkin azasypkin left review comments

@spalger spalger Awaiting requested review from spalger

Assignees
No one assigned
Labels
Feature:Console Dev Tools Console Feature release_note:deprecation release_note:enhancement review v6.0.0-rc1 v6.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Console] Stop using deprecated kbn-version header
4 participants
@pickypg @spalger @azasypkin @jimgoodwin