Remove kbn-version header from requests to Kibana. (#14482) (#14493)

Non-browser clients are expected to use only kbn-xsrf for CSRF protection, and not kbn-version. kbn-version is problematic when Kibana is upgraded, since the version is only pinned at startup when libbeat establishes the connection. See elastic/kibana@621bf0e Fixes #14481
elastic · Nov 19, 2019 · 4db6283 · 4db6283
1 parent 5724f3a
commit 4db6283
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/libbeat/kibana/client.go b/libbeat/kibana/client.go
@@ -194,9 +194,6 @@ func (conn *Connection) Send(method, extraPath string,
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Add("Accept", "application/json")
 	req.Header.Set("kbn-xsrf", "1")
-	if method != "GET" {
-		req.Header.Set("kbn-version", conn.Version.String())
-	}
 
 	for header, values := range headers {
 		for _, value := range values {