[data views] implement fallback sha1 hash for fields request #175181
/ci
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)
Not directly involved in the code review but was in the process of that failure. This PR LGTM
package.json
Outdated
@@ -1459,6 +1460,7 @@ | |||
"@types/redux-actions": "^2.6.1", | |||
"@types/redux-logger": "^3.0.8", | |||
"@types/resolve": "^1.20.1", | |||
"@types/rusha": "^0.8.3", |
Thx for taking care of this so quickly 👍 QQ: why not use `kbn-crypto-browser`? It's not sha1 but sha256, which should do the job, and no new dependency would be necessary (and just this could be used, to simplify the code)
https://github.com/elastic/kibana/blob/4824d9da8c59f03522779d1b41d531f52b255dab/packages/kbn-crypto-browser/README.md#L4-L3
Maybe it would also reduce the size of the async chunk which has a plus of +12.0KB with this PR
Thanks, that does make more sense!
good idea here :)
Works well, tested locally at both `localhost` and `0.0.0.0` (thanks btw, TIL). LGTM 👍
src/plugins/data_views/public/data_views/data_views_api_client.ts
Outdated
… into data_views_fallback_sha1
💚 Build Succeeded
Summary
tldr; This implements a fallback sha1 method when using the browser in an insecure context.
The data views fields request cache needs uniqueness across users. This has been implemented by hashing the user object into an HTTP header using sha1. Typically we can use the browser's built-in crypto objects for this, HOWEVER it's not available in insecure contexts - https://www.chromium.org/blink/webcrypto/#accessing-it - this PR supplies a sha1 function for insecure contexts.
How to test - when running kibana locally, it will run in a secure context via 127.0.0.1 or localhost. It will run in an insecure context at 0.0.0.0. Simply load some sample data and load a data view.
follow up to #168910
Screenshot of error resolved by this pr -
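
The fallback this PR describes, as an added example that is not code from the PR or from Kibana: feature-detect `crypto.subtle`, which is absent in insecure contexts, and use a hand-written SHA-1 when it is missing. `sha1Fallback`, `pickHasher` and `userCacheKey` are hypothetical names, and the hash serves only as a cache key, not as a security control.

```javascript
// Added example. sha1Fallback, pickHasher and userCacheKey are hypothetical names.
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const rotl = (x, n) => (x << n) | (x >>> (32 - n));

// Pure-JS SHA-1, used only when crypto.subtle is missing (insecure context).
function sha1Fallback(text) {
  const msg = new TextEncoder().encode(text);
  // Padding: 0x80, zeros, 64-bit big-endian bit length; total is a multiple of 64 bytes.
  const padded = new Uint8Array((((msg.length + 8) >> 6) + 1) * 64);
  padded.set(msg);
  padded[msg.length] = 0x80;
  const view = new DataView(padded.buffer);
  view.setUint32(padded.length - 8, Math.floor(msg.length / 2 ** 29));
  view.setUint32(padded.length - 4, (msg.length * 8) >>> 0);
  const h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
  const w = new Uint32Array(80);
  for (let off = 0; off < padded.length; off += 64) {
    for (let i = 0; i < 16; i++) w[i] = view.getUint32(off + i * 4);
    for (let i = 16; i < 80; i++) w[i] = rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    let [a, b, c, d, e] = h;
    for (let i = 0; i < 80; i++) {
      const [f, k] =
        i < 20 ? [(b & c) | (~b & d), 0x5a827999]
        : i < 40 ? [b ^ c ^ d, 0x6ed9eba1]
        : i < 60 ? [(b & c) | (b & d) | (c & d), 0x8f1bbcdc]
        : [b ^ c ^ d, 0xca62c1d6];
      const t = (rotl(a, 5) + f + e + k + w[i]) | 0;
      [a, b, c, d, e] = [t, a, rotl(b, 30), c, d];
    }
    [a, b, c, d, e].forEach((v, i) => { h[i] = (h[i] + v) | 0; });
  }
  return h.map((x) => (x >>> 0).toString(16).padStart(8, '0')).join('');
}

// WebCrypto exposes crypto.subtle only in secure contexts, so feature-detect it.
function pickHasher(env = globalThis) {
  const subtle = env.crypto && env.crypto.subtle;
  if (!subtle) return { kind: 'fallback', hash: async (text) => sha1Fallback(text) };
  const hash = async (text) =>
    toHex(new Uint8Array(await subtle.digest('SHA-1', new TextEncoder().encode(text))));
  return { kind: 'webcrypto', hash };
}

// Per-user cache key: hash of the serialized user object (caller supplies the object).
const userCacheKey = (user, env) => pickHasher(env).hash(JSON.stringify(user));
```

Both paths must return the same hex digest for the same input, otherwise the cache key would change when a user switches between a secure and an insecure origin.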