Skip to content

Commit

Permalink
[8.x] [8.15] [Kibana data view] Fix issue empty user-hash in data vie…
Browse files Browse the repository at this point in the history
…w request headers (#197863) (#198236)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[8.15] [Kibana data view] Fix issue empty user-hash in data view
request headers
(#197863)](#197863)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Mohamed
Abdelgaber","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-29T23:53:09Z","message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Elastic Machine
<[email protected]>\r\nCo-authored-by:
mabdelgaber.SEC
<[email protected]>","sha":"f102ace317700a1841ec77c84c77f76041157746","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","💝community","v9.0.0","Team:DataDiscovery","backport:prev-major"],"title":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers","number":197863,"url":"https://github.com/elastic/kibana/pull/197863","mergeCommit":{"message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Elastic Machine
<[email protected]>\r\nCo-authored-by:
mabdelgaber.SEC
<[email protected]>","sha":"f102ace317700a1841ec77c84c77f76041157746"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197863","number":197863,"mergeCommit":{"message":"[8.15]
[Kibana data view] Fix issue empty user-hash in data view request
headers (#197863)\n\nto fix not compliant HTTP request\r\n\r\n##
Summary\r\n\r\nFix not compliant HTTP request\r\nfor example, request
\"GET\r\n/s/<space>/internal/data_views/fields?pattern=abc\" Sometimes
request\r\nheaders have a user-hash field with an empty value and this
makes the\r\nrequest not HTTP compliant in some scenarios the request
will be dropped\r\nby WAF or by another security edge for
example.\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Elastic Machine
<[email protected]>\r\nCo-authored-by:
mabdelgaber.SEC
<[email protected]>","sha":"f102ace317700a1841ec77c84c77f76041157746"}}]}]
BACKPORT-->

Co-authored-by: Mohamed Abdelgaber <[email protected]>
  • Loading branch information
kibanamachine and muhamed-abdelgaber authored Oct 30, 2024
1 parent 46cb1df commit 7c1be44
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,6 @@ describe('IndexPatternsApiClient', () => {
expect(fetchSpy).toHaveBeenCalledWith(expectedPath, {
// not sure what asResponse is but the rest of the results are useful
asResponse: true,
headers: {
'user-hash': '',
},
query: {
allow_hidden: undefined,
allow_no_index: undefined,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
const userId = await this.getCurrentUserId();

const userHash = userId ? await sha1(userId) : '';
const headers = userHash ? { 'user-hash': userHash } : undefined;

const request = body
? this.http.post<T>(url, { query, body, version, asResponse })
Expand All @@ -64,7 +65,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
version,
...cacheOptions,
asResponse,
headers: { 'user-hash': userHash },
headers,
});

return request.catch((resp) => {
Expand Down

0 comments on commit 7c1be44

Please sign in to comment.