Comments (6)
@peternied can you please assign this issue to me, i'm willing to work on this ?
Thanks,
from security-dashboards-plugin.
[Triage] Thanks for filing, this does not look like the expected behavior - we'd be happy to accept a pull request to clean this up
from security-dashboards-plugin.
@mrudrego Thanks - I've assigned this issue to you, looking forward to seeing a PR
from security-dashboards-plugin.
@peternied , the behaviour on the main branch of code has changed. When a user tries to access an index for which they do not have permission, we get Forbidden message as below.
I hope this is expected behaviour.
Only small concern/query is about the stacktrace showing the complete source code of the file. Can this cause any security issue?
Thanks,
from security-dashboards-plugin.
@mrudrego That code is executed on the client side - there is no way to keep the call stack 'hidden' because the browser is executing it, nothing unexpected there - good question.
from security-dashboards-plugin.
@peternied thanks for the response.
So i think we can close this bug since the fix is already available in the main branch and working as expected.
from security-dashboards-plugin.
Related Issues (20)
- [FEATURE] Inactivity timer HOT 4
- [BUG] - 2.12 auth redirect resets query HOT 5
- [FEATURE] Capability to hide `View roles and identities` for readonly role. HOT 3
- [AUTOCUT] Distribution Build Failed for securityDashboards-2.13.0 HOT 15
- [BUG] Documentation for developer guide needs to be corrected HOT 3
- [AUTOCUT] Integration Test failed for securityDashboards: 2.13.0 HOT 17
- [BUG] Automatic login as anonymous user when passing wrong username and password HOT 1
- [RELEASE] Release version 2.14.0 HOT 4
- [Workspace] Migrate tenant data to workspace HOT 8
- [Multiple Datasource] Support scenarios where datasource is running without security or without FGAC HOT 1
- [BUG][Doc] AuthenticationType class has an invalid doc link HOT 1
- [Multiple Datasource] Add automated tests for version decoupling HOT 3
- [BUG] Investigate and remove duplicate network calls HOT 2
- [FEATURE] [MDS] add support to read/set dataSourceId in the URL HOT 2
- [FEATURE] [MDS] Add cluster info to the popup if multi datasources enabled HOT 4
- Need to view/edit/add/remove and_backend_roles in role mapping HOT 2
- [Multiple Datasource] Remove reliance on static constants.tsx to get permissions for version decoupling HOT 5
- [BUG] OSD Saved Objects Import 15* Slower in 2.12+ HOT 1
- [FEATURE] Add helper text and toast to tenant tab if multi datasource is enabled HOT 2
- [AUTOCUT] Distribution Build Failed for securityDashboards-2.14.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-dashboards-plugin.