From 1b3a09d6f4db45319e5be7e4f224d3583c4e8ae9 Mon Sep 17 00:00:00 2001
From: Mohamed Abdelgaber
Date: Wed, 30 Oct 2024 02:53:09 +0300
Subject: [PATCH] [8.15] [Kibana data view] Fix issue empty user-hash in data view request headers (#197863) to fix not compliant HTTP request ## Summary Fix not compliant HTTP request for example, request "GET /s//internal/data_views/fields?pattern=abc" Sometimes request headers have a user-hash field with an empty value and this makes the request not HTTP compliant in some scenarios the request will be dropped by WAF or by another security edge for example. ![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11) ---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine
Co-authored-by: mabdelgaber.SEC
(cherry picked from commit f102ace317700a1841ec77c84c77f76041157746)
---
 .../data_views/public/data_views/data_views_api_client.test.ts | 3 ---
 .../data_views/public/data_views/data_views_api_client.ts | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/plugins/data_views/public/data_views/data_views_api_client.test.ts b/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
index 8e1261802fbbc..4eaf2e88f56d9 100644
--- a/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
+++ b/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
@@ -30,9 +30,6 @@ describe('IndexPatternsApiClient', () => {
 expect(fetchSpy).toHaveBeenCalledWith(expectedPath, {
 // not sure what asResponse is but the rest of the results are useful
 asResponse: true,
- headers: {
- 'user-hash': '',
- },
 query: {
 allow_hidden: undefined,
 allow_no_index: undefined,
diff --git a/src/plugins/data_views/public/data_views/data_views_api_client.ts b/src/plugins/data_views/public/data_views/data_views_api_client.ts
index e569e7f25bff6..233b05ea7bc22 100644
--- a/src/plugins/data_views/public/data_views/data_views_api_client.ts
+++ b/src/plugins/data_views/public/data_views/data_views_api_client.ts
@@ -56,6 +56,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
 const userId = await this.getCurrentUserId();
 const userHash = userId ? await sha1(userId) : '';
+ const headers = userHash ? { 'user-hash': userHash } : undefined;
 const request = body ? this.http.post(url, { query, body, version, asResponse })
@@ -64,7 +65,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
 version,
 ...cacheOptions,
 asResponse,
- headers: { 'user-hash': userHash },
+ headers,
 });
 return request.catch((resp) => {
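Review bot: In the first hunk, `userHash` still falls back to `''` as a no-user sentinel and `headers` is then derived from its truthiness, so the reason the header is omitted is not stated where the decision is made. As far as the two hunks show, `userHash` has no other use, so the header could be built straight from `userId` with the reason recorded: `// Omit the header when there is no user id: an empty user-hash value makes the request non-compliant and some WAFs drop it` above `const headers = userId ? { 'user-hash': await sha1(userId) } : undefined;`. Requests without a resolvable user id now carry no `user-hash` at all; if anything downstream keys cached responses on that header (not visible here), a failed `getCurrentUserId()` lookup looks the same as a session with no user, which is worth confirming. The enclosing method starts and ends outside the hunk.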
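Review bot: In the second hunk, `headers,` still puts the key into the options object with the value `undefined` on the no-user path, which relies on `this.http.fetch` treating an undefined `headers` option as absent rather than letting it override defaults; that merge behaviour is not visible in this patch. A conditional spread, `...(headers ? { headers } : {}),`, keeps the key out of the object altogether. The test change in this patch only drops the empty-header expectation, so unless another test already covers it, an assertion that `user-hash` is sent when `getCurrentUserId()` returns a value would pin the other branch.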