Add Accept and Content-Type JSON headers to Enterprise Search requests

- Without the Accept header, Enterprise Search APIs will kick back a CSRF error - Without the Content-Type header, APIs will not load JSON bodies as parameters per Ruby on Rails docs
elastic · Sep 9, 2020 · a21f5d5 · a21f5d5
1 parent 5b84f79
commit a21f5d5
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/x-pack/plugins/enterprise_search/common/constants.ts b/x-pack/plugins/enterprise_search/common/constants.ts
@@ -70,6 +70,9 @@ export const WORKPLACE_SEARCH_PLUGIN = {
 
 export const LICENSED_SUPPORT_URL = 'https://support.elastic.co';
 
-export const JSON_HEADER = { 'Content-Type': 'application/json' }; // This needs specific casing or Chrome throws a 415 error
+export const JSON_HEADER = {
+  'Content-Type': 'application/json', // This needs specific casing or Chrome throws a 415 error
+  Accept: 'application/json', // Required for Enterprise Search APIs
+};
 
 export const ENGINES_PAGE_SIZE = 10;
diff --git a/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.test.ts b/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.test.ts
@@ -5,6 +5,7 @@
  */
 
 import { mockConfig, mockLogger } from '../__mocks__';
+import { JSON_HEADER } from '../../common/constants';
 
 import { EnterpriseSearchRequestHandler } from './enterprise_search_request_handler';
 
@@ -193,7 +194,7 @@ const makeAPICall = (handler: Function, params = {}) => {
 const EnterpriseSearchAPI = {
   shouldHaveBeenCalledWith(expectedUrl: string, expectedParams = {}) {
     expect(fetchMock).toHaveBeenCalledWith(expectedUrl, {
-      headers: { Authorization: 'Basic 123' },
+      headers: { Authorization: 'Basic 123', ...JSON_HEADER },
       method: 'GET',
       body: undefined,
       ...expectedParams,

diff --git a/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.ts b/x-pack/plugins/enterprise_search/server/lib/enterprise_search_request_handler.ts
@@ -14,6 +14,7 @@ import {
   Logger,
 } from 'src/core/server';
 import { ConfigType } from '../index';
+import { JSON_HEADER } from '../../common/constants';
 
 interface IConstructorDependencies {
   config: ConfigType;
@@ -65,7 +66,7 @@ export class EnterpriseSearchRequestHandler {
 
         // Set up API options
         const { method } = request.route;
-        const headers = { Authorization: request.headers.authorization as string };
+        const headers = { Authorization: request.headers.authorization as string, ...JSON_HEADER };
         const body = !this.isEmptyObj(request.body as object)
           ? JSON.stringify(request.body)
           : undefined;