Skip to content

HttpResources service should support POST method #80822

New issue
New issue
Open
Open
HttpResources service should support POST method#80822

Description

@mshustov

mshustov
openedon Oct 16, 2020

Blocks #27156 and #69506
HttpRespurces plugin supports the GET method only. I can see a couple of options here:

  • add explicit method declaration (as it is in router)
httpResources.get({
  path: '/login',
  validate: {
    params: schema.object({ id: schema.string() }),
  },
},
async (context, request, response) => {
  //..
  return response.renderCoreApp();
});
  • expose render API via contract
// http route handler
async (context, request, response) => {
  const body = coreStart.httpResources.asScoped(request).renderHtml(..);
  return response.ok({ body } );
});

It would allow us to support cases when a plugin renders an HTML page outside of the request context:

kibana/x-pack/plugins/security/server/authorization/authorization_service.tsx

Lines 168 to 198 in e31ec7e

http.registerOnPreResponse((request, preResponse, toolkit) => {
if (preResponse.statusCode === 403 && canRedirectRequest(request)) {
const basePath = http.basePath.get(request);
const next = `${basePath}${request.url.path}`;
const regularBundlePath = `${basePath}/${buildNumber}/bundles`;
const logoutUrl = http.basePath.prepend(
`/api/security/logout?${querystring.stringify({ next })}`
);
const styleSheetPaths = [
`${regularBundlePath}/kbn-ui-shared-deps/${UiSharedDeps.baseCssDistFilename}`,
`${regularBundlePath}/kbn-ui-shared-deps/${UiSharedDeps.lightCssDistFilename}`,
`${basePath}/node_modules/@kbn/ui-framework/dist/kui_light.css`,
`${basePath}/ui/legacy_light_theme.css`,
];
const body = renderToStaticMarkup(
<ResetSessionPage
logoutUrl={logoutUrl}
styleSheetPaths={styleSheetPaths}
basePath={basePath}
/>
);
return toolkit.render({ body, headers: { 'Content-Security-Policy': http.csp.header } });
}
return toolkit.next();
});
return authz;
}

That's why I'm inclining towards this option.

@elastic/kibana-platform WDYT?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    NeededFor:SecurityTeam:CoreCore services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etcenhancementNew value added to drive a business result

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions