Add X-Elastic-Product header on all http responses #73434
Conversation
elasticmachine
added
the
Team:Data Management
|
Pinging @elastic/es-core-features (Team:Core/Features) |
jbaiera
changed the title
| @@ -57,6 +57,8 @@ | |||
|
|
|||
| private static final Logger logger = LogManager.getLogger(RestController.class); | |||
| private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(RestController.class); | |||
| private static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; | |||
There was a problem hiding this comment.
Should this be lowercase here? I noticed that many of the HTTP Headers we operate with are not consistently cased.
There was a problem hiding this comment.
According to the HTTP spec, header names are case-insensitive. We use lowercase for x-elastic-product-origin but it shouldn't* matter.
* famous last words
| @@ -57,6 +57,8 @@ | |||
|
|
|||
| private static final Logger logger = LogManager.getLogger(RestController.class); | |||
| private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(RestController.class); | |||
| private static final String ELASTIC_PRODUCT_HTTP_HEADER = "X-Elastic-Product"; | |||
There was a problem hiding this comment.
According to the HTTP spec, header names are case-insensitive. We use lowercase for x-elastic-product-origin but it shouldn't* matter.
* famous last words
| @@ -142,6 +143,9 @@ public MethodHandlers next() { | |||
| assertEquals("true", threadContext.getHeader("header.1")); | |||
| assertEquals("true", threadContext.getHeader("header.2")); | |||
| assertNull(threadContext.getHeader("header.3")); | |||
| List<String> expectedProductResponseHeader = new ArrayList<>(); | |||
| expectedProductResponseHeader.add("Elasticsearch"); | |||
| assertEquals(expectedProductResponseHeader, threadContext.getResponseHeaders().getOrDefault("X-Elastic-Product", null)); | |||
There was a problem hiding this comment.
Maybe make the ELASTIC_PRODUCT_HTTP_HEADER variable package private so it can be referenced here instead of the string literal?
|
Failing test was because security expects only 3 headers to be output when a request is not authenticated: |
|
@elasticmachine update branch |
|
@elasticmachine update branch |
|
@jbaiera this should be backported to |
|
@swallez thanks for the reminder, backport is in flight |
Follow-up to elastic#73434 Ensures that High Level Rest Client is running against a verified Elasticsearch. When the first request is send on HLRC, a request to the info endpoint is made first to verify the product identification and version.
Follow-up to #73434 Ensures that High Level Rest Client is running against a verified Elasticsearch. When the first request is send on HLRC, a request to the info endpoint is made first to verify the product identification and version.
Follow-up to #73434 Ensures that High Level Rest Client is running against a verified Elasticsearch. When the first request is send on HLRC, a request to the info endpoint is made first to verify the product identification and version.
This PR adds a header to all Elasticsearch responses that confirms the type of service operating on the other end of the connection. This will aid in validating client-server connections to ensure protocol compatibility between requestors and the server.
The header returns from all requests (except unauthenticated ones) and its format is as follows:
resolves #73424
edit: Updated the default casing of the header, updated that it is not returned on unauthenticated requests.