Fix fallback when Clipboard API is unavailable#229531
Merged
jughosta merged 2 commits intoelastic:mainfrom Jul 28, 2025
Merged
Conversation
jughosta
added
Feature:UnifiedDataTable
backport:version
Contributor
|
/ci |
Contributor
💚 Build Succeeded
Metrics [docs]Async chunks
|
Contributor
|
@elasticmachine run docs-build |
jughosta
approved these changes
Jul 28, 2025
Contributor
jughosta
left a comment
jughosta
left a comment
There was a problem hiding this comment.
Thanks for the contribution! LGTM 👍
Contributor
|
Starting backport for target branches: 8.18, 8.19, 9.0, 9.1 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 28, 2025
## Summary When accessing Kibana from an insecure browser context (e.g. `http://test.local`), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied. ## Analysis From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations: - ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`) - ✅ Table Header > Copy name (`copyColumnNameToClipboard`) -⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`) -⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`) -⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`) - ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`) The methods that **✅ work in both secure and insecure contexts** use [EUI `copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58), which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action. The methods that **⚠️ only work in secure context** call `await window.navigator?.clipboard?.writeText(textToCopy);`. But since the [JavaScript Clipboard API](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is unavailable in that context (`window.navigator.clipboard` is undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUI `copyToClipboard` — but since no exception is thrown, it skips this fallback. This problem does not manifest in the default Kibana dev environment, `http://localhost:5601`, since [browsers consider `http://localhost` secure even though it doesn't use `https`](https://w3c.github.io/webappsec-secure-contexts/#localhost). ## Proposed solution This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next. ## Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - this MR doesn't add or change user-facing text - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - this MR doesn't add new features - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - this MR adds tests - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - this MR doesn't change any keys - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - this MR doesn't change any APIs - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - I don't have access to that - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - added release notes, but I don't have permission to add the label - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. - I don't have access to view that document ### Identify risks (no particular new risks) ## Release note Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context. (cherry picked from commit f43256f)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 28, 2025
## Summary When accessing Kibana from an insecure browser context (e.g. `http://test.local`), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied. ## Analysis From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations: - ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`) - ✅ Table Header > Copy name (`copyColumnNameToClipboard`) -⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`) -⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`) -⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`) - ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`) The methods that **✅ work in both secure and insecure contexts** use [EUI `copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58), which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action. The methods that **⚠️ only work in secure context** call `await window.navigator?.clipboard?.writeText(textToCopy);`. But since the [JavaScript Clipboard API](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is unavailable in that context (`window.navigator.clipboard` is undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUI `copyToClipboard` — but since no exception is thrown, it skips this fallback. This problem does not manifest in the default Kibana dev environment, `http://localhost:5601`, since [browsers consider `http://localhost` secure even though it doesn't use `https`](https://w3c.github.io/webappsec-secure-contexts/#localhost). ## Proposed solution This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next. ## Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - this MR doesn't add or change user-facing text - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - this MR doesn't add new features - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - this MR adds tests - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - this MR doesn't change any keys - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - this MR doesn't change any APIs - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - I don't have access to that - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - added release notes, but I don't have permission to add the label - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. - I don't have access to view that document ### Identify risks (no particular new risks) ## Release note Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context. (cherry picked from commit f43256f)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 28, 2025
## Summary When accessing Kibana from an insecure browser context (e.g. `http://test.local`), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied. ## Analysis From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations: - ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`) - ✅ Table Header > Copy name (`copyColumnNameToClipboard`) -⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`) -⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`) -⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`) - ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`) The methods that **✅ work in both secure and insecure contexts** use [EUI `copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58), which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action. The methods that **⚠️ only work in secure context** call `await window.navigator?.clipboard?.writeText(textToCopy);`. But since the [JavaScript Clipboard API](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is unavailable in that context (`window.navigator.clipboard` is undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUI `copyToClipboard` — but since no exception is thrown, it skips this fallback. This problem does not manifest in the default Kibana dev environment, `http://localhost:5601`, since [browsers consider `http://localhost` secure even though it doesn't use `https`](https://w3c.github.io/webappsec-secure-contexts/#localhost). ## Proposed solution This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next. ## Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - this MR doesn't add or change user-facing text - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - this MR doesn't add new features - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - this MR adds tests - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - this MR doesn't change any keys - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - this MR doesn't change any APIs - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - I don't have access to that - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - added release notes, but I don't have permission to add the label - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. - I don't have access to view that document ### Identify risks (no particular new risks) ## Release note Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context. (cherry picked from commit f43256f)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 28, 2025
## Summary When accessing Kibana from an insecure browser context (e.g. `http://test.local`), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied. ## Analysis From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations: - ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`) - ✅ Table Header > Copy name (`copyColumnNameToClipboard`) -⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`) -⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`) -⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`) - ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`) The methods that **✅ work in both secure and insecure contexts** use [EUI `copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58), which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action. The methods that **⚠️ only work in secure context** call `await window.navigator?.clipboard?.writeText(textToCopy);`. But since the [JavaScript Clipboard API](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is unavailable in that context (`window.navigator.clipboard` is undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUI `copyToClipboard` — but since no exception is thrown, it skips this fallback. This problem does not manifest in the default Kibana dev environment, `http://localhost:5601`, since [browsers consider `http://localhost` secure even though it doesn't use `https`](https://w3c.github.io/webappsec-secure-contexts/#localhost). ## Proposed solution This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next. ## Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - this MR doesn't add or change user-facing text - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - this MR doesn't add new features - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - this MR adds tests - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - this MR doesn't change any keys - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - this MR doesn't change any APIs - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - I don't have access to that - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - added release notes, but I don't have permission to add the label - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. - I don't have access to view that document ### Identify risks (no particular new risks) ## Release note Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context. (cherry picked from commit f43256f)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jul 28, 2025
) # Backport This will backport the following commits from `main` to `8.19`: - [Fix fallback when Clipboard API is unavailable (#229531)](#229531) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Steve Mokris","email":"smokris@softpixel.com"},"sourceCommit":{"committedDate":"2025-07-28T14:06:32Z","message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","💝community","Feature:UnifiedDataTable","backport:version","v9.2.0","v9.0.5","v9.1.1","v8.18.5","v8.19.1"],"title":"Fix fallback when Clipboard API is unavailable","number":229531,"url":"https://github.com/elastic/kibana/pull/229531","mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","9.1","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/229531","number":229531,"mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},{"branch":"9.0","label":"v9.0.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Steve Mokris <smokris@softpixel.com>
kibanamachine
added a commit
that referenced
this pull request
Jul 28, 2025
# Backport This will backport the following commits from `main` to `9.0`: - [Fix fallback when Clipboard API is unavailable (#229531)](#229531) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Steve Mokris","email":"smokris@softpixel.com"},"sourceCommit":{"committedDate":"2025-07-28T14:06:32Z","message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","💝community","Feature:UnifiedDataTable","backport:version","v9.2.0","v9.0.5","v9.1.1","v8.18.5","v8.19.1"],"title":"Fix fallback when Clipboard API is unavailable","number":229531,"url":"https://github.com/elastic/kibana/pull/229531","mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","9.1","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/229531","number":229531,"mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},{"branch":"9.0","label":"v9.0.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Steve Mokris <smokris@softpixel.com>
kibanamachine
added a commit
that referenced
this pull request
Jul 28, 2025
# Backport This will backport the following commits from `main` to `9.1`: - [Fix fallback when Clipboard API is unavailable (#229531)](#229531) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Steve Mokris","email":"smokris@softpixel.com"},"sourceCommit":{"committedDate":"2025-07-28T14:06:32Z","message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","💝community","Feature:UnifiedDataTable","backport:version","v9.2.0","v9.0.5","v9.1.1","v8.18.5","v8.19.1"],"title":"Fix fallback when Clipboard API is unavailable","number":229531,"url":"https://github.com/elastic/kibana/pull/229531","mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","9.1","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/229531","number":229531,"mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},{"branch":"9.0","label":"v9.0.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Steve Mokris <smokris@softpixel.com>
kibanamachine
added a commit
that referenced
this pull request
Jul 28, 2025
) # Backport This will backport the following commits from `main` to `8.18`: - [Fix fallback when Clipboard API is unavailable (#229531)](#229531) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Steve Mokris","email":"smokris@softpixel.com"},"sourceCommit":{"committedDate":"2025-07-28T14:06:32Z","message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","💝community","Feature:UnifiedDataTable","backport:version","v9.2.0","v9.0.5","v9.1.1","v8.18.5","v8.19.1"],"title":"Fix fallback when Clipboard API is unavailable","number":229531,"url":"https://github.com/elastic/kibana/pull/229531","mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","9.1","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/229531","number":229531,"mergeCommit":{"message":"Fix fallback when Clipboard API is unavailable (#229531)\n\n## Summary\nWhen accessing Kibana from an insecure browser context (e.g.\n`http://test.local`), some of Discover's \"Copy to clipboard\" actions\nhave no effect (they don't copy data to the clipboard), despite showing\na toast that says the data was copied.\n\n## Analysis\nFrom the main Kibana Discover page, there are several different ways to\ncopy to clipboard, with varying implementations:\n\n- ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`)\n- ✅ Table Header > Copy name (`copyColumnNameToClipboard`)\n-⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`)\n-⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`)\n-⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`)\n- ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`)\n\nThe methods that **✅ work in both secure and insecure contexts** use\n[EUI\n`copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58),\nwhich creates a hidden text element, fills it with data, selects it, and\nsimulates the user invoking the \"copy\" action.\n\nThe methods that **⚠️ only work in secure context** call `await\nwindow.navigator?.clipboard?.writeText(textToCopy);`. But since the\n[JavaScript Clipboard\nAPI](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is\nunavailable in that context (`window.navigator.clipboard` is undefined),\nthis has no effect: it neither copies nor throws an exception. If an\nexception is thrown, it falls back to EUI `copyToClipboard` — but since\nno exception is thrown, it skips this fallback.\n\nThis problem does not manifest in the default Kibana dev environment,\n`http://localhost:5601`, since [browsers consider `http://localhost`\nsecure even though it doesn't use\n`https`](https://w3c.github.io/webappsec-secure-contexts/#localhost).\n\n## Proposed solution\nThis MR fixes that fallback (by throwing an exception if the Clipboard\nAPI is unavailable), and improves test coverage to check both when the\nClipboard API is available and unavailable. It also fixes some\nfalse-positives in the existing tests, where some of the mocks were not\nbeing reset between each test, leading to some execution counters\nleaking from one test into the next.\n\n## Checklist\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n - this MR doesn't add or change user-facing text\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n - this MR doesn't add new features\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n - this MR adds tests\n- [x] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n - this MR doesn't change any keys\n- [x] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n - this MR doesn't change any APIs\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - I don't have access to that\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n - added release notes, but I don't have permission to add the label\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n - I don't have access to view that document\n\n### Identify risks\n(no particular new risks)\n\n## Release note\nFixes issue where some of Discover's \"Copy to clipboard\" actions only\nworked when accessing Kibana in a secure browser context.","sha":"f43256ff06609ba5b4bdcaa0794abcfaaadffc99"}},{"branch":"9.0","label":"v9.0.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Steve Mokris <smokris@softpixel.com>
delanni
pushed a commit
to delanni/kibana
that referenced
this pull request
Aug 5, 2025
## Summary When accessing Kibana from an insecure browser context (e.g. `http://test.local`), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied. ## Analysis From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations: - ✅ Table Cell > Copy value of fields.type (`copyValueToClipboard`) - ✅ Table Header > Copy name (`copyColumnNameToClipboard`) -⚠️ Table Header > Copy column (`copyColumnValuesToClipboard`) -⚠️ Selected > Copy selection as text (`copyRowsAsTextToClipboard`) -⚠️ Selected > Copy documents as JSON (`copyRowsAsJsonToClipboard`) - ✅ Document sidebar > JSON > Copy to clipboard (`copyToClipboard`) The methods that **✅ work in both secure and insecure contexts** use [EUI `copyToClipboard`](https://github.com/elastic/eui/blob/6069ba651329bb2f65e6e5f8641b29e6b16198c6/packages/eui/src/services/copy/copy_to_clipboard.ts#L29-L58), which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action. The methods that **⚠️ only work in secure context** call `await window.navigator?.clipboard?.writeText(textToCopy);`. But since the [JavaScript Clipboard API](https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API) is unavailable in that context (`window.navigator.clipboard` is undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUI `copyToClipboard` — but since no exception is thrown, it skips this fallback. This problem does not manifest in the default Kibana dev environment, `http://localhost:5601`, since [browsers consider `http://localhost` secure even though it doesn't use `https`](https://w3c.github.io/webappsec-secure-contexts/#localhost). ## Proposed solution This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next. ## Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - this MR doesn't add or change user-facing text - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - this MR doesn't add new features - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - this MR adds tests - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - this MR doesn't change any keys - [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - this MR doesn't change any APIs - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - I don't have access to that - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - added release notes, but I don't have permission to add the label - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. - I don't have access to view that document ### Identify risks (no particular new risks) ## Release note Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When accessing Kibana from an insecure browser context (e.g.
http://test.local), some of Discover's "Copy to clipboard" actions have no effect (they don't copy data to the clipboard), despite showing a toast that says the data was copied.Analysis
From the main Kibana Discover page, there are several different ways to copy to clipboard, with varying implementations:
copyValueToClipboard)copyColumnNameToClipboard)copyColumnValuesToClipboard)copyRowsAsTextToClipboard)copyRowsAsJsonToClipboard)copyToClipboard)The methods that ✅ work in both secure and insecure contexts use EUI
copyToClipboard, which creates a hidden text element, fills it with data, selects it, and simulates the user invoking the "copy" action.The methods that⚠️ only work in secure context call
await window.navigator?.clipboard?.writeText(textToCopy);. But since the JavaScript Clipboard API is unavailable in that context (window.navigator.clipboardis undefined), this has no effect: it neither copies nor throws an exception. If an exception is thrown, it falls back to EUIcopyToClipboard— but since no exception is thrown, it skips this fallback.This problem does not manifest in the default Kibana dev environment,
http://localhost:5601, since browsers considerhttp://localhostsecure even though it doesn't usehttps.Proposed solution
This MR fixes that fallback (by throwing an exception if the Clipboard API is unavailable), and improves test coverage to check both when the Clipboard API is available and unavailable. It also fixes some false-positives in the existing tests, where some of the mocks were not being reset between each test, leading to some execution counters leaking from one test into the next.
Checklist
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
(no particular new risks)
Release note
Fixes issue where some of Discover's "Copy to clipboard" actions only worked when accessing Kibana in a secure browser context.