address comments

elastic · Mar 2, 2020 · 016f664 · 016f664
1 parent 7fcf2c8
commit 016f664
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 7 deletions.
diff --git a/src/core/server/config/deprecation/core_deprecations.test.ts b/src/core/server/config/deprecation/core_deprecations.test.ts
@@ -88,7 +88,7 @@ describe('core deprecations', () => {
  });
  expect(messages).toMatchInlineSnapshot(`
  Array [
- "It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist].It will be removed in 8.0 release. Instead, supply the \\"kbn-xsrf\\" header.",
+ "It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. It will be removed in 8.0 release. Instead, supply the \\"kbn-xsrf\\" header.",
  ]
  `);
  });

diff --git a/src/core/server/config/deprecation/core_deprecations.ts b/src/core/server/config/deprecation/core_deprecations.ts
@@ -44,7 +44,7 @@ const xsrfDeprecation: ConfigDeprecation = (settings, fromPath, log) => {
  get<unknown[]>(settings, 'server.xsrf.whitelist').length > 0
  ) {
  log(
- 'It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist].' +
+ 'It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. ' +
  'It will be removed in 8.0 release. Instead, supply the "kbn-xsrf" header.'
  );
  }

diff --git a/src/core/server/http/http_server.mocks.ts b/src/core/server/http/http_server.mocks.ts
@@ -70,7 +70,6 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
 
  return KibanaRequest.from<P, Q, B>(
  createRawRequestMock({
- app: kibanaRouteState,
  headers,
  params,
  query,
@@ -84,7 +83,7 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
  search: queryString ? `?${queryString}` : queryString,
  },
  route: {
- settings: { tags: routeTags, auth: routeAuthRequired },
+ settings: { tags: routeTags, auth: routeAuthRequired, app: kibanaRouteState },
  },
  raw: {
  req: { socket },

diff --git a/src/core/server/http/integration_tests/lifecycle_handlers.test.ts b/src/core/server/http/integration_tests/lifecycle_handlers.test.ts
@@ -244,7 +244,7 @@ describe('core lifecycle handlers', () => {
  });
 
  it('accepts requests on a route with disabled xsrf protection', async () => {
- await getSupertest(method.toLowerCase(), whitelistedTestPath).expect(200, 'ok');
+ await getSupertest(method.toLowerCase(), xsrfDisabledTestPath).expect(200, 'ok');
  });
  });
  });

diff --git a/src/core/server/http/router/request.ts b/src/core/server/http/router/request.ts
@@ -191,7 +191,7 @@ export class KibanaRequest<
  const options = ({
  authRequired: request.route.settings.auth !== false,
  // some places in LP call KibanaRequest.from(request) manually. remove fallback to true before v8
- xsrfRequired: (request.app as KibanaRouteState)?.xsrfRequired ?? true,
+ xsrfRequired: (request.route.settings.app as KibanaRouteState)?.xsrfRequired ?? true,
  tags: request.route.settings.tags || [],
  body: ['get', 'options'].includes(method)
  ? undefined

diff --git a/src/core/server/http/router/route.ts b/src/core/server/http/router/route.ts
@@ -110,7 +110,7 @@ export interface RouteConfigOptions<Method extends RouteMethod> {
 
  /**
  * Defines xsrf protection requirements for a route:
- * - true. Requires an incoming request to contain `kbn-xsrf` header.
+ * - true. Requires an incoming POST/PUT/DELETE request to contain `kbn-xsrf` header.
  * - false. Disables xsrf protection.
  *
  * Set to true by default