server.xsrf.whitelist changed to server.xsrf.allowlist #95550
Comments
Bernhard-Fluehmann
added
the
bug
wylieconlon
added
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
|
Pinging @elastic/kibana-docs (Team:Docs) |
|
Both options should still be allowed. If using the older setting, you should see a deprecation warning in the logs. We should be able to add both settings back into the list, one with a deprecated label. Thanks for catching that. Tested on 7.11.0 and 7.12.0: Are you having issues starting Kibana? |
|
@jbudz Thank you for the fast response. Fortunately I have no issues so far since the stack is still on 7.9 (Thus I did not see the warnings yet). I ran into it while reviewing the docs, configs and logs to prepare for an update. Since still both options are valid it‘s ok. |
|
@jbudz I can add settings-xsrf-whitelist as a deprecation to the 7.11 release notes, but is it considered a breaking change? I have reservations because it was never picked up by the release notes script as a breaking change. |
|
IMO accordimg to the log message a deprication is correct. |
|
👍 Not considered a breaking change, yet. When we do remove the setting we'll want to note it. |
@KOTungseth
Right. However, I agree that I should have used the I believe we can close the issue. Any objections? |
Kibana version:
7.11
Steps to reproduce:
Expected behavior:
It seems that settings.xsrf.whitelist has changed to settings.sxrf.allowlist without any mention in release notes or breaking changes.
Please shed light to this. Are still both options working, or is it a breaking change? Please fix documentation as well, either add a deprecation note or breaking change.
The text was updated successfully, but these errors were encountered: