Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use External URL allow-list service #85975

Closed
3 of 9 tasks
streamich opened this issue Dec 15, 2020 · 2 comments
Closed
3 of 9 tasks

Use External URL allow-list service #85975

streamich opened this issue Dec 15, 2020 · 2 comments
Labels
enhancement New value added to drive a business result impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort Meta Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas Team:Visualizations Visualization editors, elastic-charts and infrastructure

Comments

@streamich
Copy link
Contributor

streamich commented Dec 15, 2020
edited by vadimkibana
Loading

An ExternalUrl allow list service was added to core.http, it can validate URLs against an explicit allow/deny list in kibana.yml. The service allows all external URLs by default. If externalUrl.policy is configured in kibana.yml then only explicitly allowed URLs will be valid. Here is an example how externalUrl.policy configuration could look:

externalUrl.policy:
  - allow: false
    host: danger.google.com
  - allow: true
    host: google.com
    protocol: https
  - allow: true
    host: elastic.co

Services that could make use of external URL validation.

/cc @legrego
@streamich streamich changed the title Use External URL list service Use External URL allow-list service Dec 15, 2020
@streamich streamich added Team:AppServices Team:Visualizations Visualization editors, elastic-charts and infrastructure Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas labels Dec 15, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-reporting-services (Team:Reporting Services)

@streamich streamich added enhancement New value added to drive a business result Meta labels May 4, 2021
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Jun 21, 2021
This was referenced Sep 27, 2021
Closed
Closed
@timroes timroes mentioned this issue Oct 4, 2021
Open
@DianaDerevyankina DianaDerevyankina mentioned this issue Oct 6, 2021
Merged
3 tasks
@vadimkibana
Copy link
Contributor

Thank you for contributing to this issue, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this feature/bug should still be considered, please reopen with a comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort Meta Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas Team:Visualizations Visualization editors, elastic-charts and infrastructure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tsullivan @streamich @elasticmachine @vadimkibana