Overview

File 0001-Configurable-custom-response-headers-for-server.patch of Package kibana

From 36c55daa687dd522625a95f08b7aa67681d188f0 Mon Sep 17 00:00:00 2001
From: Court Ewing <court@epixa.com>
Date: Fri, 21 Jul 2017 18:35:02 -0400
Subject: [PATCH] Configurable custom response headers for server (#13045)

* Configurable custom response headers for server

The server.customResponseHeaders configuration allows users to configure
custom headers to send on all responses to the client from anywhere in
the Kibana server.

This can be useful for setting headers like x-frame-options when you
don't want people embedding even Kibana dashboards in an iframe.

* Consistent header overriding and explicit unknown

(cherry picked from commit cba3e93af20d1cdf19a623a140fc030aae828443)
---
 src/server/config/schema.js |  1 +
 src/server/http/index.js    | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/server/config/schema.js b/src/server/config/schema.js
index eb5b81866e..eb24c84053 100644
--- a/src/server/config/schema.js
+++ b/src/server/config/schema.js
@@ -42,6 +42,7 @@
       autoListen: Joi.boolean()['default'](true),
       defaultRoute: Joi.string(),
       basePath: Joi.string()['default']('').allow('').regex(/(^$|^\/.*[^\/]$)/, 'start with a slash, don\'t end with one'),
+      customResponseHeaders: Joi.object().unknown(true)['default']({}),
       ssl: Joi.object({
         cert: Joi.string(),
         key: Joi.string()
diff --git a/src/server/http/index.js b/src/server/http/index.js
index 6b63067fbc..52eefd55da 100644
--- a/src/server/http/index.js
+++ b/src/server/http/index.js
@@ -1,5 +1,7 @@
 'use strict';

+var _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; };
+
 var _regeneratorRuntime = require('babel-runtime/regenerator')['default'];

 var _interopRequireDefault = require('babel-runtime/helpers/interop-require-default')['default'];
@@ -110,12 +112,17 @@ module.exports = function (kbnServer, server, config) {
   server.ext('onPreResponse', function (req, reply) {
     var response = req.response;

+    var customHeaders = _extends({}, config.get('server.customResponseHeaders'), {
+        'kbn-name': kbnServer.name,
+        'kbn-version': kbnServer.version
+      });
+
     if (response.isBoom) {
-      response.output.headers['kbn-name'] = kbnServer.name;
-      response.output.headers['kbn-version'] = kbnServer.version;
+      response.output.headers = _extends({}, response.output.headers, customHeaders);
     } else {
-      response.header('kbn-name', kbnServer.name);
-      response.header('kbn-version', kbnServer.version);
+      Object.keys(customHeaders).forEach(name => {
+        response.header(name, customHeaders[name]);
+      });
     }

     return reply['continue']();
--
2.24.3 (Apple Git-128)
openSUSE Build Service is sponsored by
Places