Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HttpResources service should support POST method #80822

Open
mshustov opened this issue Oct 16, 2020 · 3 comments
Open

HttpResources service should support POST method #80822

mshustov opened this issue Oct 16, 2020 · 3 comments
Labels
enhancement New value added to drive a business result NeededFor:Security Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc

Comments

@mshustov
Copy link
Contributor

Blocks #27156 and #69506
HttpRespurces plugin supports the GET method only. I can see a couple of options here:

  • add explicit method declaration (as it is in router)
httpResources.get({
  path: '/login',
  validate: {
    params: schema.object({ id: schema.string() }),
  },
},
async (context, request, response) => {
  //..
  return response.renderCoreApp();
});
  • expose render API via contract
// http route handler
async (context, request, response) => {
  const body = coreStart.httpResources.asScoped(request).renderHtml(..);
  return response.ok({ body } );
});

It would allow us to support cases when a plugin renders an HTML page outside of the request context:

kibana/x-pack/plugins/security/server/authorization/authorization_service.tsx

Lines 168 to 198 in e31ec7e

http.registerOnPreResponse((request, preResponse, toolkit) => {
if (preResponse.statusCode === 403 && canRedirectRequest(request)) {
const basePath = http.basePath.get(request);
const next = `${basePath}${request.url.path}`;
const regularBundlePath = `${basePath}/${buildNumber}/bundles`;
const logoutUrl = http.basePath.prepend(
`/api/security/logout?${querystring.stringify({ next })}`
);
const styleSheetPaths = [
`${regularBundlePath}/kbn-ui-shared-deps/${UiSharedDeps.baseCssDistFilename}`,
`${regularBundlePath}/kbn-ui-shared-deps/${UiSharedDeps.lightCssDistFilename}`,
`${basePath}/node_modules/@kbn/ui-framework/dist/kui_light.css`,
`${basePath}/ui/legacy_light_theme.css`,
];
const body = renderToStaticMarkup(
<ResetSessionPage
logoutUrl={logoutUrl}
styleSheetPaths={styleSheetPaths}
basePath={basePath}
/>
);
return toolkit.render({ body, headers: { 'Content-Security-Policy': http.csp.header } });
}
return toolkit.next();
});
return authz;
}

That's why I'm inclining towards this option.

@elastic/kibana-platform WDYT?
@mshustov mshustov added Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc enhancement New value added to drive a business result NeededFor:Security labels Oct 16, 2020
@mshustov mshustov mentioned this issue Oct 16, 2020
Open
@pgayvallet
Copy link
Contributor

+1 for option 2. Even if diverging from the http API, it feels more extensible and allowing to use it outside of request context seems just too important.

@mshustov
Copy link
Contributor Author

@elastic/kibana-security let us know when you need this implemented

@legrego
Copy link
Member

legrego commented Oct 22, 2020

@azasypkin can keep me honest, but I don't think this is blocking anything critical. This is something we'd really like to have, but I'm not aware of any deadlines that we need to hit.

In other words, I wouldn't reprioritize your current work, but otherwise we'd love to have this as soon as you get some free time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result NeededFor:Security Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pgayvallet @mshustov @legrego