Revert "[csp] allow blob styles when running from source (#54991)"

This reverts commit 375f0b4.

docs/development/core/server/kibana-plugin-server.coresetup.getstartservices.md

@@ -1,17 +1,17 @@
-<!-- Do not edit this file. It is automatically generated by API Documenter. -->
-
-[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CoreSetup](./kibana-plugin-server.coresetup.md) &gt; [getStartServices](./kibana-plugin-server.coresetup.getstartservices.md)
-
-## CoreSetup.getStartServices() method
-
-Allows plugins to get access to APIs available in start inside async handlers. Promise will not resolve until Core and plugin dependencies have completed `start`<!-- -->. This should only be used inside handlers registered during `setup` that will only be executed after `start` lifecycle.
-
-<b>Signature:</b>
-
-```typescript
-getStartServices(): Promise<[CoreStart, TPluginsStart]>;
-```
-<b>Returns:</b>
-
-`Promise<[CoreStart, TPluginsStart]>`
-
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CoreSetup](./kibana-plugin-server.coresetup.md) &gt; [getStartServices](./kibana-plugin-server.coresetup.getstartservices.md)
+
+## CoreSetup.getStartServices() method
+
+Allows plugins to get access to APIs available in start inside async handlers. Promise will not resolve until Core and plugin dependencies have completed `start`<!-- -->. This should only be used inside handlers registered during `setup` that will only be executed after `start` lifecycle.
+
+<b>Signature:</b>
+
+```typescript
+getStartServices(): Promise<[CoreStart, TPluginsStart]>;
+```
+<b>Returns:</b>
+
+`Promise<[CoreStart, TPluginsStart]>`
+

docs/development/core/server/kibana-plugin-server.coresetup.md

@@ -1,32 +1,32 @@
-<!-- Do not edit this file. It is automatically generated by API Documenter. -->
-
-[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CoreSetup](./kibana-plugin-server.coresetup.md)
-
-## CoreSetup interface
-
-Context passed to the plugins `setup` method.
-
-<b>Signature:</b>
-
-```typescript
-export interface CoreSetup<TPluginsStart extends object = object> 
-```
-
-## Properties
-
-|  Property | Type | Description |
-|  --- | --- | --- |
-|  [capabilities](./kibana-plugin-server.coresetup.capabilities.md) | <code>CapabilitiesSetup</code> | [CapabilitiesSetup](./kibana-plugin-server.capabilitiessetup.md) |
-|  [context](./kibana-plugin-server.coresetup.context.md) | <code>ContextSetup</code> | [ContextSetup](./kibana-plugin-server.contextsetup.md) |
-|  [elasticsearch](./kibana-plugin-server.coresetup.elasticsearch.md) | <code>ElasticsearchServiceSetup</code> | [ElasticsearchServiceSetup](./kibana-plugin-server.elasticsearchservicesetup.md) |
-|  [http](./kibana-plugin-server.coresetup.http.md) | <code>HttpServiceSetup</code> | [HttpServiceSetup](./kibana-plugin-server.httpservicesetup.md) |
-|  [savedObjects](./kibana-plugin-server.coresetup.savedobjects.md) | <code>SavedObjectsServiceSetup</code> | [SavedObjectsServiceSetup](./kibana-plugin-server.savedobjectsservicesetup.md) |
-|  [uiSettings](./kibana-plugin-server.coresetup.uisettings.md) | <code>UiSettingsServiceSetup</code> | [UiSettingsServiceSetup](./kibana-plugin-server.uisettingsservicesetup.md) |
-|  [uuid](./kibana-plugin-server.coresetup.uuid.md) | <code>UuidServiceSetup</code> | [UuidServiceSetup](./kibana-plugin-server.uuidservicesetup.md) |
-
-## Methods
-
-|  Method | Description |
-|  --- | --- |
-|  [getStartServices()](./kibana-plugin-server.coresetup.getstartservices.md) | Allows plugins to get access to APIs available in start inside async handlers. Promise will not resolve until Core and plugin dependencies have completed <code>start</code>. This should only be used inside handlers registered during <code>setup</code> that will only be executed after <code>start</code> lifecycle. |
-
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CoreSetup](./kibana-plugin-server.coresetup.md)
+
+## CoreSetup interface
+
+Context passed to the plugins `setup` method.
+
+<b>Signature:</b>
+
+```typescript
+export interface CoreSetup<TPluginsStart extends object = object> 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [capabilities](./kibana-plugin-server.coresetup.capabilities.md) | <code>CapabilitiesSetup</code> | [CapabilitiesSetup](./kibana-plugin-server.capabilitiessetup.md) |
+|  [context](./kibana-plugin-server.coresetup.context.md) | <code>ContextSetup</code> | [ContextSetup](./kibana-plugin-server.contextsetup.md) |
+|  [elasticsearch](./kibana-plugin-server.coresetup.elasticsearch.md) | <code>ElasticsearchServiceSetup</code> | [ElasticsearchServiceSetup](./kibana-plugin-server.elasticsearchservicesetup.md) |
+|  [http](./kibana-plugin-server.coresetup.http.md) | <code>HttpServiceSetup</code> | [HttpServiceSetup](./kibana-plugin-server.httpservicesetup.md) |
+|  [savedObjects](./kibana-plugin-server.coresetup.savedobjects.md) | <code>SavedObjectsServiceSetup</code> | [SavedObjectsServiceSetup](./kibana-plugin-server.savedobjectsservicesetup.md) |
+|  [uiSettings](./kibana-plugin-server.coresetup.uisettings.md) | <code>UiSettingsServiceSetup</code> | [UiSettingsServiceSetup](./kibana-plugin-server.uisettingsservicesetup.md) |
+|  [uuid](./kibana-plugin-server.coresetup.uuid.md) | <code>UuidServiceSetup</code> | [UuidServiceSetup](./kibana-plugin-server.uuidservicesetup.md) |
+
+## Methods
+
+|  Method | Description |
+|  --- | --- |
+|  [getStartServices()](./kibana-plugin-server.coresetup.getstartservices.md) | Allows plugins to get access to APIs available in start inside async handlers. Promise will not resolve until Core and plugin dependencies have completed <code>start</code>. This should only be used inside handlers registered during <code>setup</code> that will only be executed after <code>start</code> lifecycle. |
+

docs/development/core/server/kibana-plugin-server.cspconfig.ruleschangedfromdefault.md → docs/development/core/server/kibana-plugin-server.cspconfig.default.md

@@ -1,11 +1,11 @@
 <!-- Do not edit this file. It is automatically generated by API Documenter. -->
 
-[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [rulesChangedFromDefault](./kibana-plugin-server.cspconfig.ruleschangedfromdefault.md)
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [DEFAULT](./kibana-plugin-server.cspconfig.default.md)
 
-## CspConfig.rulesChangedFromDefault property
+## CspConfig.DEFAULT property
 
 <b>Signature:</b>
 
 ```typescript
-readonly rulesChangedFromDefault: boolean;
+static readonly DEFAULT: CspConfig;
 ```

docs/development/core/server/kibana-plugin-server.cspconfig.md

@@ -20,9 +20,9 @@ The constructor for this class is marked as internal. Third-party code should no
 
 |  Property | Modifiers | Type | Description |
 |  --- | --- | --- | --- |
+|  [DEFAULT](./kibana-plugin-server.cspconfig.default.md) | <code>static</code> | <code>CspConfig</code> |  |
 |  [header](./kibana-plugin-server.cspconfig.header.md) |  | <code>string</code> |  |
 |  [rules](./kibana-plugin-server.cspconfig.rules.md) |  | <code>string[]</code> |  |
-|  [rulesChangedFromDefault](./kibana-plugin-server.cspconfig.ruleschangedfromdefault.md) |  | <code>boolean</code> |  |
 |  [strict](./kibana-plugin-server.cspconfig.strict.md) |  | <code>boolean</code> |  |
 |  [warnLegacyBrowsers](./kibana-plugin-server.cspconfig.warnlegacybrowsers.md) |  | <code>boolean</code> |  |
 

docs/development/core/server/kibana-plugin-server.icspconfig.md

@@ -18,7 +18,6 @@ export interface ICspConfig
 |  --- | --- | --- |
 |  [header](./kibana-plugin-server.icspconfig.header.md) | <code>string</code> | The CSP rules in a formatted directives string for use in a <code>Content-Security-Policy</code> header. |
 |  [rules](./kibana-plugin-server.icspconfig.rules.md) | <code>string[]</code> | The CSP rules used for Kibana. |
-|  [rulesChangedFromDefault](./kibana-plugin-server.icspconfig.ruleschangedfromdefault.md) | <code>boolean</code> | Flag indicating that the configuraion changes the csp rules from the defaults |
 |  [strict](./kibana-plugin-server.icspconfig.strict.md) | <code>boolean</code> | Specify whether browsers that do not support CSP should be able to use Kibana. Use <code>true</code> to block and <code>false</code> to allow. |
 |  [warnLegacyBrowsers](./kibana-plugin-server.icspconfig.warnlegacybrowsers.md) | <code>boolean</code> | Specify whether users with legacy browsers should be warned about their lack of Kibana security compliance. |
 

packages/kbn-dev-utils/src/kbn_client/kbn_client_status.ts

@@ -32,7 +32,6 @@ interface Status {
 interface ApiResponseStatus {
   name: string;
   uuid: string;
-  running_from_source?: true;
   version: {
     number: string;
     build_hash: string;
@@ -59,11 +58,6 @@ export class KbnClientStatus {
     });
   }
 
-  public async isDistributable() {
-    const status = await this.get();
-    return !status.running_from_source;
-  }
-
   /**
    * Get the overall/merged state
    */

packages/kbn-pm/dist/index.js

@@ -43639,10 +43639,6 @@ class KbnClientStatus {
             path: 'api/status',
         });
     }
-    async isDistributable() {
-        const status = await this.get();
-        return !status.running_from_source;
-    }
     /**
      * Get the overall/merged state
      */

src/core/server/csp/csp_config.test.ts

@@ -18,7 +18,6 @@
  */
 
 import { CspConfig } from '.';
-import { createMockEnv } from '../config/env.mock';
 
 // CSP rules aren't strictly additive, so any change can potentially expand or
 // restrict the policy in a way we consider a breaking change. For that reason,
@@ -34,44 +33,53 @@ import { createMockEnv } from '../config/env.mock';
 // the nature of a change in defaults during a PR review.
 
 describe('CspConfig', () => {
-  test('defaults from config', () => {
-    const cspConfig = new CspConfig(createMockEnv());
+  test('DEFAULT', () => {
+    expect(CspConfig.DEFAULT).toMatchInlineSnapshot(`
+      CspConfig {
+        "header": "script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'",
+        "rules": Array [
+          "script-src 'unsafe-eval' 'self'",
+          "worker-src blob: 'self'",
+          "style-src 'unsafe-inline' 'self'",
+        ],
+        "strict": true,
+        "warnLegacyBrowsers": true,
+      }
+    `);
+  });
 
-    expect(cspConfig).toMatchInlineSnapshot(`
+  test('defaults from config', () => {
+    expect(new CspConfig()).toMatchInlineSnapshot(`
       CspConfig {
         "header": "script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'",
         "rules": Array [
           "script-src 'unsafe-eval' 'self'",
           "worker-src blob: 'self'",
           "style-src 'unsafe-inline' 'self'",
         ],
-        "rulesChangedFromDefault": false,
         "strict": true,
         "warnLegacyBrowsers": true,
       }
     `);
   });
 
   test('creates from partial config', () => {
-    const cspConfig = new CspConfig(createMockEnv(), { strict: false, warnLegacyBrowsers: false });
-
-    expect(cspConfig).toMatchInlineSnapshot(`
+    expect(new CspConfig({ strict: false, warnLegacyBrowsers: false })).toMatchInlineSnapshot(`
       CspConfig {
         "header": "script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'",
         "rules": Array [
           "script-src 'unsafe-eval' 'self'",
           "worker-src blob: 'self'",
           "style-src 'unsafe-inline' 'self'",
         ],
-        "rulesChangedFromDefault": false,
         "strict": false,
         "warnLegacyBrowsers": false,
       }
     `);
   });
 
   test('computes header from rules', () => {
-    const cspConfig = new CspConfig(createMockEnv(), { rules: ['alpha', 'beta', 'gamma'] });
+    const cspConfig = new CspConfig({ rules: ['alpha', 'beta', 'gamma'] });
 
     expect(cspConfig).toMatchInlineSnapshot(`
       CspConfig {
@@ -81,25 +89,6 @@ describe('CspConfig', () => {
           "beta",
           "gamma",
         ],
-        "rulesChangedFromDefault": true,
-        "strict": true,
-        "warnLegacyBrowsers": true,
-      }
-    `);
-  });
-
-  test(`includes blob: style-src if env indicates we're running from source`, () => {
-    const cspConfig = new CspConfig(createMockEnv({ dist: false }));
-
-    expect(cspConfig).toMatchInlineSnapshot(`
-      CspConfig {
-        "header": "script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src blob: 'unsafe-inline' 'self'",
-        "rules": Array [
-          "script-src 'unsafe-eval' 'self'",
-          "worker-src blob: 'self'",
-          "style-src blob: 'unsafe-inline' 'self'",
-        ],
-        "rulesChangedFromDefault": false,
         "strict": true,
         "warnLegacyBrowsers": true,
       }

src/core/server/csp/csp_config.ts

@@ -18,7 +18,6 @@
  */
 
 import { config } from './config';
-import { Env } from '../config';
 
 const DEFAULT_CONFIG = Object.freeze(config.schema.validate({}));
 
@@ -49,50 +48,30 @@ export interface ICspConfig {
    * in a `Content-Security-Policy` header.
    */
   readonly header: string;
-
-  /**
-   * Flag indicating that the configuraion changes the csp
-   * rules from the defaults
-   */
-  readonly rulesChangedFromDefault: boolean;
 }
 
 /**
  * CSP configuration for use in Kibana.
  * @public
  */
 export class CspConfig implements ICspConfig {
+  static readonly DEFAULT = new CspConfig();
+
   public readonly rules: string[];
   public readonly strict: boolean;
   public readonly warnLegacyBrowsers: boolean;
   public readonly header: string;
-  public readonly rulesChangedFromDefault: boolean;
 
   /**
    * Returns the default CSP configuration when passed with no config
    * @internal
    */
-  constructor(env: Env, rawCspConfig?: Partial<Omit<ICspConfig, 'header'>>) {
+  constructor(rawCspConfig: Partial<Omit<ICspConfig, 'header'>> = {}) {
     const source = { ...DEFAULT_CONFIG, ...rawCspConfig };
 
-    this.rules = source.rules.map(rule => {
-      // if we receive an env, and it indicates that this isn't a distributable, add `blob:` to the style csp rules
-      if (env && !env.packageInfo.dist && rule.startsWith('style-src ')) {
-        return rule.replace(/^style-src /, 'style-src blob: ');
-      }
-
-      return rule;
-    });
+    this.rules = source.rules;
     this.strict = source.strict;
     this.warnLegacyBrowsers = source.warnLegacyBrowsers;
-    this.header = this.rules.join('; ');
-
-    // only check to see if the csp values are customized when `rawCspConfig` was received.
-    if (!rawCspConfig) {
-      this.rulesChangedFromDefault = false;
-    } else {
-      const defaultCsp = new CspConfig(env);
-      this.rulesChangedFromDefault = defaultCsp.header !== this.header;
-    }
+    this.header = source.rules.join('; ');
   }
 }

src/core/server/http/http_config.ts

@@ -22,7 +22,6 @@ import { hostname } from 'os';
 
 import { CspConfigType, CspConfig, ICspConfig } from '../csp';
 import { SslConfig, sslSchema } from './ssl_config';
-import { Env } from '../config';
 
 const validBasePathRegex = /(^$|^\/.*[^\/]$)/;
 const uuidRegexp = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
@@ -149,7 +148,7 @@ export class HttpConfig {
   /**
    * @internal
    */
-  constructor(rawHttpConfig: HttpConfigType, rawCspConfig: CspConfigType, env: Env) {
+  constructor(rawHttpConfig: HttpConfigType, rawCspConfig: CspConfigType) {
     this.autoListen = rawHttpConfig.autoListen;
     this.host = rawHttpConfig.host;
     this.port = rawHttpConfig.port;
@@ -163,7 +162,7 @@ export class HttpConfig {
     this.rewriteBasePath = rawHttpConfig.rewriteBasePath;
     this.ssl = new SslConfig(rawHttpConfig.ssl || {});
     this.compression = rawHttpConfig.compression;
-    this.csp = new CspConfig(env, rawCspConfig);
+    this.csp = new CspConfig(rawCspConfig);
     this.xsrf = rawHttpConfig.xsrf;
   }
 }