Skip to content

Comments

[7.x] Allow disabling xsrf protection per an endpoint (#58717)#59151

Merged
mshustov merged 1 commit intoelastic:7.xfrom
mshustov:backport/7.x/pr-58717
Mar 3, 2020
Merged

[7.x] Allow disabling xsrf protection per an endpoint (#58717)#59151
mshustov merged 1 commit intoelastic:7.xfrom
mshustov:backport/7.x/pr-58717

Conversation

@mshustov
Copy link
Contributor

@mshustov mshustov commented Mar 3, 2020

Backports the following commits to 7.x:

* add xsrfRequired flag to a route definition interface

* update tests

* deprecate server.xsrf.whitelist

It meant to be used for IdP endpoints only, which we are going to refactor to disable xsrf requirement per a specific endpoint.

* update docs

* do not fail on manual KibanaRequest creation

* address comments

* update tests

* address comments

* make xsrfRequired available only for destructive methods

* update docs

* another isSafeMethod usage
@mshustov mshustov added the backport This PR is a backport of another PR label Mar 3, 2020
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@mshustov mshustov merged commit 0fdb6e5 into elastic:7.x Mar 3, 2020
@mshustov mshustov deleted the backport/7.x/pr-58717 branch March 3, 2020 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport This PR is a backport of another PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants