Detect cookies on login page #120944

Merged
merged 16 commits into from Dec 16, 2021

@thomheymann thomheymann commented Dec 9, 2021

Resolves #97200

This PR fixes a bug caused by Safari's "Prevent cross-site tracking" feature.

When this feature is enabled Safari prevents us from setting cookies when embedded inside an iframe.

There's no workaround for this behaviour but we can provide a better user experience by allowing users to open the embedded content inside a new window where they can log in without any issues.

When Kibana can't set cookies and is embedded in an iframe

Screenshot 2021-12-09 at 11 07 46

When Kibana can't set cookies and is not embedded in an iframe

Screenshot 2021-12-09 at 11 08 15

Testing

  1. Run yarn es snapshot --license trial --ssl
  2. Run yarn start --ssl
  3. Add sample data
  4. View a dashboard and generate embed code
  5. Go to https://jsfiddle.net and paste embed code to view Kibana inside iframe
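The check this PR description implies, sketched as an added example that is not part of the original PR or Kibana's code: write a probe cookie, read it back, and pick a notice depending on whether the page is framed. All function names and return keys are hypothetical, and the `document`/`window` stand-ins are constructed so the logic runs under Node.

```javascript
// Added example: all names here are hypothetical, not Kibana's code.

// Write a probe cookie and read it back. The probe carries the same SameSite
// attribute as the configured session cookie (assumption), so the browser
// accepts or drops it under the same rules.
function canSetCookies(doc, sameSiteCookies) {
  const name = 'cookie_probe';
  const attrs = sameSiteCookies
    ? `; SameSite=${sameSiteCookies}${sameSiteCookies === 'None' ? '; Secure' : ''}`
    : '';
  doc.cookie = `${name}=1; Path=/${attrs}`;
  const stored = doc.cookie.split('; ').some((c) => c.startsWith(`${name}=`));
  doc.cookie = `${name}=; Path=/; Max-Age=0${attrs}`; // clean up the probe
  return stored;
}

// A framed document has a top-level window that is not itself.
function isEmbedded(win) {
  return win.self !== win.top;
}

// Decide which notice the login page should show (return keys are made up).
function loginNotice(win, doc, sameSiteCookies) {
  if (canSetCookies(doc, sameSiteCookies)) return 'none';
  if (!isEmbedded(win)) return 'cookies-blocked';
  return sameSiteCookies !== 'None' ? 'embedded-ask-administrator' : 'embedded-adjust-browser';
}

// Constructed stand-ins for document and window.
function fakeDocument(acceptsCookies) {
  const jar = new Map();
  return {
    get cookie() {
      return [...jar].map(([k, v]) => `${k}=${v}`).join('; ');
    },
    set cookie(value) {
      if (!acceptsCookies) return; // the browser silently drops the write
      const [pair, ...attrs] = value.split(';').map((s) => s.trim());
      const eq = pair.indexOf('=');
      if (attrs.some((a) => /^max-age=0$/i.test(a))) jar.delete(pair.slice(0, eq));
      else jar.set(pair.slice(0, eq), pair.slice(eq + 1));
    },
  };
}
function fakeWindow(embedded) {
  const win = {};
  win.self = win;
  win.top = embedded ? {} : win;
  return win;
}
```

In a real page the calls would be `loginNotice(window, document, sameSiteCookies)`, with the last argument taken from the server's cookie configuration.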

@thomheymann thomheymann added release_note:fix Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.0.0 auto-backport Deprecated: Automatically backport this PR after it's merged v8.1.0 v7.17.0 labels Dec 9, 2021
@thomheymann thomheymann requested a review from a team December 9, 2021 16:29
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)

@thomheymann
Contributor Author

@elasticmachine merge upstream

@azasypkin
Member

ACK: will review today or tomorrow.

@azasypkin azasypkin self-requested a review December 13, 2021 12:13

@azasypkin azasypkin left a comment

Looks great! Just left two questions.

@jportner jportner left a comment

Thanks for making this change, I think the different wording will help us troubleshoot SDH issues more quickly, as this has been a problem in the past.

Code review only -- LGTM on green CI, will leave final approval to Oleg

Comment on lines +215 to +225
{this.props.sameSiteCookies !== 'None' ? (
<FormattedMessage
id="xpack.security.loginPage.openInNewWindowOrChangeKibanaConfigTitle"
defaultMessage="To view this content, open it in a new window or ask your administrator to allow cross-origin cookies."
/>
) : (
<FormattedMessage
id="xpack.security.loginPage.openInNewWindowOrChangeBrowserSettingsTitle"
defaultMessage="To view this content, open it in a new window or adjust your browser settings to allow third-party cookies."
/>
)}
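
Review bot: the first branch of the ternary (sameSiteCookies !== 'None') tells the user to ask an administrator to "allow cross-origin cookies" without saying which setting that is, so whoever receives the request has nothing to search for; consider naming the configuration option that the sameSiteCookies prop reflects, or linking to its documentation. That branch is also taken when the prop is undefined, which looks intended, but a one-line comment above the ternary would help: only an explicit 'None' means the server side already permits cross-site use, so the remaining cause must be the browser.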
Contributor

👍

@azasypkin
Member

ACK: reviewing...

@azasypkin azasypkin left a comment

Looks great, thanks for making these changes!

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
security 491.6KB 493.0KB +1.4KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
security 50.1KB 50.1KB +34.0B


@thomheymann thomheymann merged commit e0eaca4 into elastic:main Dec 16, 2021
@kibanamachine
Contributor

💔 Backport failed

Status Branch Result
8.0 Commit could not be cherrypicked due to conflicts
7.17 The branch "7.17" is invalid or doesn't exist

To backport manually run:
node scripts/backport --pr 120944

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Dec 20, 2021
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 120944 or prevent reminders by adding the backport:skip label.


thomheymann added a commit to thomheymann/kibana that referenced this pull request Dec 21, 2021
# Conflicts:
#	x-pack/plugins/security/public/authentication/login/login_app.ts
thomheymann added a commit that referenced this pull request Dec 21, 2021
# Conflicts:
#	x-pack/plugins/security/public/authentication/login/login_app.ts
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Dec 21, 2021
thomheymann added a commit that referenced this pull request Dec 21, 2021
# Conflicts:
#	x-pack/plugins/security/public/authentication/login/login_app.ts
TinLe pushed a commit to TinLe/kibana that referenced this pull request Dec 22, 2021
thomheymann added a commit to thomheymann/kibana that referenced this pull request Dec 29, 2021
# Conflicts:
#	x-pack/plugins/security/public/authentication/login/login_app.ts
thomheymann added a commit that referenced this pull request Dec 29, 2021
# Conflicts:
#	x-pack/plugins/security/public/authentication/login/login_app.ts
gbamparop pushed a commit to gbamparop/kibana that referenced this pull request Jan 12, 2022
@tylersmalley tylersmalley added ci:cloud-deploy Create or update a Cloud deployment and removed ci:deploy-cloud labels Aug 17, 2022
Successfully merging this pull request may close these issues.

Embedded Kibana fails to authenticate with Safari