From 06fc60460446f330e0b2a3706ff905c79979faf2 Mon Sep 17 00:00:00 2001
From: vikastigera
Date: Mon, 23 Sep 2024 13:47:13 -0700
Subject: [PATCH] Adding X-Frames-Options DENY header for Kibana (#3516)

Changes done to add X-Frames-Options DENY header for Kibana requests.
---
 pkg/render/logstorage/kibana/kibana.go | 3 +++
 pkg/render/logstorage/kibana/kibana_test.go | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/pkg/render/logstorage/kibana/kibana.go b/pkg/render/logstorage/kibana/kibana.go
index 2304854345..c5a3f73b2a 100644
--- a/pkg/render/logstorage/kibana/kibana.go
+++ b/pkg/render/logstorage/kibana/kibana.go
@@ -215,6 +215,9 @@ func (k *kibana) kibanaCR() *kbv1.Kibana {
 "basePath": fmt.Sprintf("/%s", BasePath),
 "rewriteBasePath": true,
 "defaultRoute": fmt.Sprintf(DefaultRoute, TimeFilter, url.PathEscape(FlowsDashboardName)),
+ "customResponseHeaders": map[string]interface{}{
+ "X-Frame-Options": "DENY",
+ },
 }
 
 if k.cfg.BaseURL != "" {
diff --git a/pkg/render/logstorage/kibana/kibana_test.go b/pkg/render/logstorage/kibana/kibana_test.go
index 4957b8cd6b..b167ac8a9b 100644
--- a/pkg/render/logstorage/kibana/kibana_test.go
+++ b/pkg/render/logstorage/kibana/kibana_test.go
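Review bot: The `customResponseHeaders` map added in kibanaCR() sets only the legacy X-Frame-Options header, and browsers that receive a Content-Security-Policy with a `frame-ancestors` directive give that directive precedence; Kibana emits its own CSP header, so if the deployed Kibana version exposes a `frame-ancestors` CSP setting that is the more reliable place to express this, and otherwise adding `"Content-Security-Policy": "frame-ancestors 'none'"` beside the existing entry gives equivalent coverage — confirm against the Kibana version in use before adding a second CSP header. DENY also refuses every embedding, including a first-party UI that frames Kibana under the `/tigera-kibana` base path, if one exists; `SAMEORIGIN` or a `frame-ancestors` allowlist would be the alternative, so the consumers of that path are worth checking. A why-comment on the map such as `// Clickjacking protection: refuse to render Kibana inside any frame.` would record the intent. kibanaCR() starts and ends outside the hunk.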
@@ -169,6 +169,17 @@ var _ = Describe("Kibana rendering tests", func() {
 Expect(x["publicBaseUrl"]).To(Equal("https://test.domain.com/tigera-kibana"))
 })
 
+ It("should configure X-Frame-Options as DENY in customResponseHeaders", func() {
+ component := kibana.Kibana(cfg)
+
+ createResources, _ := component.Objects()
+ kb := rtest.GetResource(createResources, kibana.CRName, kibana.Namespace, "kibana.k8s.elastic.co", "v1", "Kibana")
+ kibana := kb.(*kbv1.Kibana)
+ server := kibana.Spec.Config.Data["server"].(map[string]interface{})
+ customResponseHeaders := server["customResponseHeaders"].(map[string]interface{})
+ Expect(customResponseHeaders["X-Frame-Options"]).To(Equal("DENY"))
+ })
+
 It("should delete Kibana ExternalService", func() {
 cfg.KbService = &corev1.Service{
 ObjectMeta: metav1.ObjectMeta{Name: kibana.ServiceName, Namespace: kibana.Namespace},
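Review bot: `kibana := kb.(*kbv1.Kibana)` shadows the imported `kibana` package for the remainder of the new It closure; it compiles only because no package reference follows it, and any later line added to the test that needs `kibana.CRName` or similar would fail in a confusing way, so `kibanaCR := kb.(*kbv1.Kibana)` with `server := kibanaCR.Spec.Config.Data["server"].(map[string]interface{})` avoids the trap. The two unchecked type assertions on `Data["server"]` and `server["customResponseHeaders"]` panic rather than produce a readable failure if the config shape changes; `Expect(server).To(HaveKeyWithValue("customResponseHeaders", HaveKeyWithValue("X-Frame-Options", "DENY")))` reports the mismatch as an assertion instead. The enclosing Describe block starts and ends outside the hunk.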