Open thomheymann opened 1 year ago
Follow up to #162974
We would like to run experiments and test new CSP directives in a way that's easy to change and easy to roll back.
We can utilise the Cloud Experiments service and Content-Security-Policy-Report-Only headers for this.
The implementation should work in such a way that experiments can be enabled and rolled back without requiring a restart or upgrade of Kibana version.
We should also use the existing EBT-based CSP violation monitoring implemented as part of #162974.
Pinging @elastic/kibana-security (Team:Security)
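One way the requested behaviour could look, as an added sketch that is not Kibana's code or part of the issue: the enforced policy stays fixed, while a candidate policy is sent as `Content-Security-Policy-Report-Only` and can be swapped or rolled back at runtime. All names (`ENFORCED`, `CspExperiment`, the shape of the flag value) are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not a Kibana or Cloud Experiments API.
const ENFORCED = {
  'script-src': ["'self'"],
  'style-src': ["'self'", "'unsafe-inline'"],
};

const NAME_RE = /^[a-z][a-z-]*$/;
// A source value must not contain whitespace, separators or control characters,
// otherwise a flag payload could append directives or split the header.
const VALUE_RE = /^[^\s;,\x00-\x1f\x7f]+$/;

function serialize(directives) {
  return Object.entries(directives)
    .map(([name, values]) => [name, ...values].join(' '))
    .join('; ');
}

function validate(candidate) {
  if (candidate === null || typeof candidate !== 'object' || Array.isArray(candidate)) return false;
  return Object.entries(candidate).every(
    ([name, values]) =>
      NAME_RE.test(name) && Array.isArray(values) &&
      values.every((v) => typeof v === 'string' && VALUE_RE.test(v))
  );
}

class CspExperiment {
  #candidate = null;

  // Called whenever the flag service delivers a value; null, an empty object
  // or an invalid payload rolls the experiment back.
  update(flagValue) {
    const usable = validate(flagValue) && Object.keys(flagValue).length > 0;
    this.#candidate = usable ? flagValue : null;
    return usable;
  }

  // Computed per response, so a flag change applies to the next request
  // without a restart. The enforced header never depends on the flag.
  headers() {
    const out = { 'content-security-policy': serialize(ENFORCED) };
    if (this.#candidate) {
      out['content-security-policy-report-only'] = serialize({ ...ENFORCED, ...this.#candidate });
    }
    return out;
  }
}
```

The report-only header carries the full candidate policy (enforced directives plus overrides), so violations reported under it show what would break if the experiment were promoted.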