-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate CSP configuration #50644
Comments
Pinging @elastic/kibana-platform (Team:Platform) |
@Bamieh There are currently two usage collectors in the legacy For KQL, I think it would make sense to move it to the Thoughts? |
This logic also can be extracted out of chrome if (!this.params.browserSupportsCsp && injectedMetadata.getCspConfig().warnLegacyBrowsers) {
notifications.toasts.addWarning(
i18n.translate('core.chrome.legacyBrowserWarning', {
defaultMessage: 'Your browser does not meet the security requirements for Kibana.',
})
);
} https://github.com/elastic/kibana/blob/master/src/core/public/chrome/chrome_service.tsx#L158 |
@Bamieh bump on the question above regarding the CSP usage collector ^^ |
@restrry will this be covered as part of #50654? |
@joshdover nope, we will set |
Ah yes forgot about the rename, should be trivial though 👍 |
@joshdover for some reason i had this issue on mute. Feel free to move the collector to the telemetry plugin until we find a better place for it to live at. |
CSP has been integrated to Core's |
Defines default CSP configuration.
It probably should be a part of the core HTTP service if necessary for the rendering service #41964
csp
toserver.csp
using the config deprecations from Implements config deprecation in New Platform #52251 (Move CSP options to new platform #52698 (comment))csp
header on all HTML pageslegacyBrowserWarning
to the csp plugin https://github.com/elastic/kibana/blob/master/src/core/public/chrome/chrome_service.tsx#L158The text was updated successfully, but these errors were encountered: