Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Graph] Use ExternalUrl service for checking drilldown URL links #113718

Open
timroes opened this issue Oct 4, 2021 · 5 comments
Open

[Graph] Use ExternalUrl service for checking drilldown URL links #113718

timroes opened this issue Oct 4, 2021 · 5 comments
Labels
Feature:Graph Graph application feature impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Visualizations Visualization editors, elastic-charts and infrastructure

Comments

@timroes
Copy link
Contributor

timroes commented Oct 4, 2021

See #85975 for more details.

We should validate Drilldown URLs configured in Graph using this service. Not yet clear what we should do, if a configured URL breaks with this list.

@flash1293 Do you have discussed this already for TSVB, how we're handling URLs that are not in the allowlist?
@timroes timroes added Feature:Graph Graph application feature Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. labels Oct 4, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@timroes timroes mentioned this issue Oct 4, 2021
Closed
9 tasks
@flash1293
Copy link
Contributor

flash1293 commented Oct 4, 2021
edited
Loading

@timroes The way I understood this setting is to allow everything not in the list (just how Graph and TSVB are doing it today). The issue you linked also includes this sentence:

[...] The service allows all external URLs by default [...]

If you want to build a blacklist, I guess you can do an allow: false for host * and then allow: true from there.

@timroes
Copy link
Contributor Author

timroes commented Oct 4, 2021

Okay, sorry then let me rephrase the question. I meant less the behavior of the list but the behavior of our apps. I.e. what would happen if a graph/tsvb drilldown contains a URL that has allow: false? Have you made any plans around that already for TSVB? Will we remove the link? Will we build an error UI showing that it's forbidden to go there? Will the UI prevent creating new links that are in the forbidden list? Will we write a migration that will remove the existing drilldowns violating that setting?

@flash1293
Copy link
Contributor

Got it, good point. we didn't discuss it explicitly, I assumed it would work the same way as vega which is simply not rendering the text as link. Not sure whether a good fit for Graph

@stratoula stratoula added Team:Visualizations Visualization editors, elastic-charts and infrastructure and removed Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. labels Nov 4, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-visualizations @elastic/kibana-visualizations-external (Team:Visualizations)

@stratoula stratoula added the impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. label Jan 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Graph Graph application feature impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Visualizations Visualization editors, elastic-charts and infrastructure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@kertal @timroes @jughosta @flash1293 @elasticmachine @stratoula