Skip to content

Commit

Permalink
[8.15] [Kibana data view] Fix issue empty user-hash in data view requ…
Browse files Browse the repository at this point in the history
…est headers (elastic#197863)

to fix not compliant HTTP request

## Summary

Fix not compliant HTTP request
for example, request "GET
/s/<space>/internal/data_views/fields?pattern=abc" Sometimes request
headers have a user-hash field with an empty value and this makes the
request not HTTP compliant in some scenarios the request will be dropped
by WAF or by another security edge for example.


![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: mabdelgaber.SEC <[email protected]>
  • Loading branch information
4 people authored Oct 29, 2024
1 parent a098aaa commit f102ace
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,6 @@ describe('IndexPatternsApiClient', () => {
expect(fetchSpy).toHaveBeenCalledWith(expectedPath, {
// not sure what asResponse is but the rest of the results are useful
asResponse: true,
headers: {
'user-hash': '',
},
query: {
allow_hidden: undefined,
allow_no_index: undefined,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
const userId = await this.getCurrentUserId();

const userHash = userId ? await sha1(userId) : '';
const headers = userHash ? { 'user-hash': userHash } : undefined;

const request = body
? this.http.post<T>(url, { query, body, version, asResponse })
Expand All @@ -64,7 +65,7 @@ export class DataViewsApiClient implements IDataViewsApiClient {
version,
...cacheOptions,
asResponse,
headers: { 'user-hash': userHash },
headers,
});

return request.catch((resp) => {
Expand Down

0 comments on commit f102ace

Please sign in to comment.