-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server.xsrf.whitelist changed to server.xsrf.allowlist #95550
Comments
Pinging @elastic/kibana-core (Team:Core) |
Pinging @elastic/kibana-docs (Team:Docs) |
Both options should still be allowed. If using the older setting, you should see a deprecation warning in the logs. We should be able to add both settings back into the list, one with a deprecated label. Thanks for catching that. Tested on 7.11.0 and 7.12.0:
Are you having issues starting Kibana? |
@jbudz Thank you for the fast response. Fortunately I have no issues so far since the stack is still on 7.9 (Thus I did not see the warnings yet). I ran into it while reviewing the docs, configs and logs to prepare for an update. Since still both options are valid it‘s ok. |
@jbudz I can add settings-xsrf-whitelist as a deprecation to the 7.11 release notes, but is it considered a breaking change? I have reservations because it was never picked up by the release notes script as a breaking change. |
IMO accordimg to the log message a deprication is correct. |
👍 Not considered a breaking change, yet. When we do remove the setting we'll want to note it. |
@KOTungseth
Right. However, I agree that I should have used the I believe we can close the issue. Any objections? |
Kibana version:
7.11
Steps to reproduce:
Expected behavior:
It seems that settings.xsrf.whitelist has changed to settings.sxrf.allowlist without any mention in release notes or breaking changes.
Please shed light to this. Are still both options working, or is it a breaking change? Please fix documentation as well, either add a deprecation note or breaking change.
The text was updated successfully, but these errors were encountered: