Skip to content

[7.17] Disable allowAbsoluteUrls for axios (#215138)#216103

Merged
delanni merged 2 commits intoelastic:7.17from
delanni:backport/7.17/pr-215138
Mar 27, 2025
Merged

[7.17] Disable allowAbsoluteUrls for axios (#215138)#216103
delanni merged 2 commits intoelastic:7.17from
delanni:backport/7.17/pr-215138

Conversation

@delanni
Copy link
Contributor

@delanni delanni commented Mar 26, 2025

Backport

This will backport the following commits from main to 7.17:

Questions ?

Please refer to the Backport tool documentation

@delanni
Disable allowAbsoluteUrls for axios (elastic#215138)
3fd448e 
## Summary
After elastic#214843, `axios` client
usages need to set a flag to prevent the vulnerable behavior.

To reviewers: if you think it's a mistake, and you created a client to
request for absolute URLs, consider unsetting the `baseURL` to
communicate intent.
@delanni delanni requested a review from kibanamachine as a code owner March 26, 2025 20:00
@delanni delanni added the backport This PR is a backport of another PR label Mar 26, 2025
@delanni delanni enabled auto-merge (squash) March 26, 2025 20:00
@delanni delanni mentioned this pull request Mar 26, 2025
Merged
@elasticmachine
Copy link
Contributor

elasticmachine commented Mar 27, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] OSS CI Group #11 / visualize app visualize ciGroup11 vega chart in visualize app vega chart with filters should render different data in response to filter change

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
canvas 1.0MB 1.0MB +20.0B

History

@delanni delanni merged commit 9968dd3 into elastic:7.17 Mar 27, 2025
88 checks passed
@delanni delanni deleted the backport/7.17/pr-215138 branch March 27, 2025 11:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@legrego legrego legrego approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@delanni @elasticmachine @legrego