From 214040e2affe8c8ed477406b15599ceba6669408 Mon Sep 17 00:00:00 2001
From: Mohamed Abdelgaber <muhamedabdelgaber@gmail.com>
Date: Wed, 30 Oct 2024 02:53:09 +0300
Subject: [PATCH] [8.15] [Kibana data view] Fix issue empty user-hash in data
 view request headers (#197863)

to fix not compliant HTTP request

## Summary

Fix not compliant HTTP request
for example, request "GET
/s/<space>/internal/data_views/fields?pattern=abc" Sometimes request
headers have a user-hash field with an empty value and this makes the
request not HTTP compliant in some scenarios the request will be dropped
by WAF or by another security edge for example.

![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: mabdelgaber.SEC <mohamed.abdelgaber@orange.com>
(cherry picked from commit f102ace317700a1841ec77c84c77f76041157746)
---
 .../data_views/public/data_views/data_views_api_client.test.ts | 3 ---
 .../data_views/public/data_views/data_views_api_client.ts      | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/plugins/data_views/public/data_views/data_views_api_client.test.ts b/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
index 66f025dc07835..73a8cb34c1803 100644
--- a/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
+++ b/src/plugins/data_views/public/data_views/data_views_api_client.test.ts
@@ -28,9 +28,6 @@ describe('IndexPatternsApiClient', () => {
     expect(fetchSpy).toHaveBeenCalledWith(expectedPath, {
       // not sure what asResponse is but the rest of the results are useful
       asResponse: true,
-      headers: {
-        'user-hash': '',
-      },
       query: {
         allow_hidden: undefined,
         allow_no_index: undefined,
diff --git a/src/plugins/data_views/public/data_views/data_views_api_client.ts b/src/plugins/data_views/public/data_views/data_views_api_client.ts
index 404db1028fd3f..f7b9ebc1090f6 100644
--- a/src/plugins/data_views/public/data_views/data_views_api_client.ts
+++ b/src/plugins/data_views/public/data_views/data_views_api_client.ts
@@ -55,6 +55,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
     const userId = await this.getCurrentUserId();
 
     const userHash = userId ? await sha1(userId) : '';
+    const headers = userHash ? { 'user-hash': userHash } : undefined;
 
     const request = body
       ? this.http.post<T>(url, { query, body, version, asResponse })
@@ -63,7 +64,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
           version,
           ...cacheOptions,
           asResponse,
-          headers: { 'user-hash': userHash },
+          headers,
         });
 
     return request.catch((resp) => {