Configurable custom response headers for server #13045
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The server.customResponseHeaders configuration allows users to configure custom headers to send on all responses to the client from anywhere in the Kibana server. This can be useful for setting headers like x-frame-options when you don't want people embedding even Kibana dashboards in an iframe.
spalger
suggested changes
Jul 21, 2017
src/server/http/index.js
Outdated
| response.output.headers['kbn-version'] = kbnServer.version; | ||
| response.output.headers = { | ||
| ...response.output.headers, | ||
| ...customResponseHeaders, |
There was a problem hiding this comment.
In this branch the kbn-name and kbn-version headers overwrite the same keys in customResponseHeaders, but in the branch below the opposite is true.
Perhaps you could merge customResponseHeaders with kbn-name and kbn-version outside of this condition, then apply the update as necessary within the branches of the condition?
src/server/config/schema.js
Outdated
| @@ -53,6 +53,7 @@ export default () => Joi.object({ | |||
| autoListen: Joi.boolean().default(true), | |||
| defaultRoute: Joi.string().default('/app/kibana').regex(/^\//, `start with a slash`), | |||
| basePath: Joi.string().default('').allow('').regex(/(^$|^\/.*[^\/]$)/, `start with a slash, don't end with one`), | |||
| customResponseHeaders: Joi.object().default({}), | |||
There was a problem hiding this comment.
Looks like omitting .keys() here allows the object to have any keys, but I think it would be nice to have an explicit .unknown(true) to be extra clear about that intention.
There was a problem hiding this comment.
I don't really understand what any of that means :-/
|
@spalger I updated it based on your feedback |
epixa
added a commit
that referenced
this pull request
Jul 21, 2017
* Configurable custom response headers for server The server.customResponseHeaders configuration allows users to configure custom headers to send on all responses to the client from anywhere in the Kibana server. This can be useful for setting headers like x-frame-options when you don't want people embedding even Kibana dashboards in an iframe. * Consistent header overriding and explicit unknown
|
5.x/5.6 cba3e93 |
JanZerebecki
pushed a commit
to JanZerebecki/kibana
that referenced
this pull request
Jun 9, 2021
* Configurable custom response headers for server The server.customResponseHeaders configuration allows users to configure custom headers to send on all responses to the client from anywhere in the Kibana server. This can be useful for setting headers like x-frame-options when you don't want people embedding even Kibana dashboards in an iframe. * Consistent header overriding and explicit unknown Conflicts: docs/setup/settings.asciidoc (cherry picked from commit cba3e93)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The server.customResponseHeaders configuration allows users to configure
custom headers to send on all responses to the client from anywhere in
the Kibana server.
This can be useful for setting headers like x-frame-options when you
don't want people embedding even Kibana dashboards in an iframe.
Apologies for the whitespace changes in the doc. The .asciidoc files do
not force removal of spaces at the end of lines, so someone committed
a bunch of erroneous spaces before and my edit removed them. I
recommend reviewing with ?w=1 in the github url.
In kibana.yml:
In terminal:
For #8519, though it doesn't close it necessarily.