[Docs] Add server.xsrf.disableProtection to settings docs (#76022)

Joe Portner 2020-08-27 10:44:59 -04:00 committed by GitHub
parent b2939618f4
commit 8671db1559
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 7 deletions


@ -61,10 +61,8 @@ For all APIs, you must use a request header. The {kib} APIs support the `kbn-xsr
By default, you must use `kbn-xsrf` for all API calls, except in the following scenarios:
* The API endpoint uses the `GET` or `HEAD` operations
* The path is whitelisted using the <<settings, `server.xsrf.whitelist`>> setting
* XSRF protections are disabled using the `server.xsrf.disableProtection` setting
* The path is whitelisted using the <<settings-xsrf-whitelist, `server.xsrf.whitelist`>> setting
* XSRF protections are disabled using the <<settings-xsrf-disableProtection, `server.xsrf.disableProtection`>> setting
`Content-Type: application/json`::
Applicable only when you send a payload in the API request. {kib} API requests and responses use JSON.
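Review bot: The new `server.xsrf.disableProtection` bullet lists a global off-switch next to routine exceptions such as `GET` or `HEAD` with no caution, while the settings entry it links to says "This is not recommended." Consider carrying that wording into the bullet, for example "XSRF protections are disabled (not recommended) using the ... setting", so a reader who never follows the link still sees it.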


@ -40,8 +40,8 @@ users interacting with APM APIs must have <<apm-app-api-user,sufficient privileg
By default, you must use `kbn-xsrf` for all API calls, except in the following scenarios:
* The API endpoint uses the `GET` or `HEAD` operations
* The path is whitelisted using the <<settings, `server.xsrf.whitelist`>> setting
* XSRF protections are disabled using the `server.xsrf.disableProtection` setting
* The path is whitelisted using the <<settings-xsrf-whitelist, `server.xsrf.whitelist`>> setting
* XSRF protections are disabled using the <<settings-xsrf-disableProtection, `server.xsrf.disableProtection`>> setting
`Content-Type: application/json`::
Applicable only when you send a payload in the API request.
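Review bot: This exception list is a near-verbatim copy of the one in the first file, and the two copies have already drifted: the `Content-Type: application/json` description here lacks the "{kib} API requests and responses use JSON." sentence. Since this commit has to make the same two anchor edits in both places, consider moving the list into a shared include so the next anchor change is made once.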


@ -577,7 +577,7 @@ all http requests to https over the port configured as `server.port`.
| An array of supported protocols with versions.
Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`. *Default: TLSv1.1, TLSv1.2*
| `server.xsrf.whitelist:`
| [[settings-xsrf-whitelist]] `server.xsrf.whitelist:`
| It is not recommended to disable protections for
arbitrary API endpoints. Instead, supply the `kbn-xsrf` header.
The `server.xsrf.whitelist` setting requires the following format:
@ -592,6 +592,9 @@ The `server.xsrf.whitelist` setting requires the following format:
[cols="2*<"]
|===
| [[settings-xsrf-disableProtection]] `status.xsrf.disableProtection:`
| Setting this to `true` will completely disable Cross-site request forgery protection in Kibana. This is not recommended. *Default: `false`*
| `status.allowAnonymous:`
| If authentication is enabled,
setting this to `true` enables unauthenticated users to access the {kib}
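Review bot: The added row names the setting `status.xsrf.disableProtection:`, but the commit title and both API docs refer to `server.xsrf.disableProtection`; the `status.` prefix looks like a typo and would point readers at a key different from the one the other docs name. The row is also inserted after the `[cols="2*<"]` and `|===` lines that open the table holding `status.allowAnonymous:`, so it lands apart from `server.xsrf.whitelist`; consider moving it directly below that entry. Minor: "Cross-site request forgery" could read "cross-site request forgery (XSRF)" to match the term used in the other docs.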