You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rational: Many users currently use URL-based access control to secure access to ES. For multi-search/get queries, currently the user can put the indices in the request body, which poses a challenge to the URL-based security approach.
This request is to add a feature for multi-search/get such that when index(or indices) is given in the URL, prohibiting the request body to contain the index (indices).
In this way, all request to ES can be secured via URL.
Add a flag, called rest.action.multi.allow_explicit_index that can be set in the settings/config (default to true). If set to false, will reject requests that have explicit index specified in their body.
The text was updated successfully, but these errors were encountered:
Rational: Many users currently use URL-based access control to secure access to ES. For multi-search/get queries, currently the user can put the indices in the request body, which poses a challenge to the URL-based security approach.
This request is to add a feature for multi-search/get such that when index(or indices) is given in the URL, prohibiting the request body to contain the index (indices).
In this way, all request to ES can be secured via URL.
Add a flag, called
rest.action.multi.allow_explicit_index
that can be set in the settings/config (default totrue
). If set tofalse
, will reject requests that have explicit index specified in their body.The text was updated successfully, but these errors were encountered: