Changed API endpoint from access: 'internal' to access: 'public' (ela…

…stic#190316) ## Summary Changed acces to `public` for `/internal/security/analytics/_record_violations` endpoint. Kibana reports Content-Security-Policy (CSP) violations and Permission-Policy violations to the `/internal/security/analytics/_record_violations` endpoint. This endpoint was marked as `internal`, which didn't work because reports are sent by browser. __Fixes: https://github.com/elastic/kibana-team/issues/1024__ Co-authored-by: Elastic Machine <[email protected]>
elena-shostak · Aug 15, 2024 · 2e7d67f · 2e7d67f
1 parent 6cb7019
commit 2e7d67f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/x-pack/plugins/security/server/routes/analytics/record_violations.ts b/x-pack/plugins/security/server/routes/analytics/record_violations.ts
@@ -161,7 +161,7 @@ export function defineRecordViolations({ router, analyticsService }: RouteDefini
          * This endpoint is called by the browser in the background so `kbn-xsrf` header is not sent.
          */
         xsrfRequired: false,
-        access: 'internal',
+        access: 'public',
         body: {
           /**
            * Both `application/reports+json` (CSP3 spec) and `application/csp-report` (Safari) are