The RUM endpoint will provide the same functionality as as the backend endpoint with following differences:
- No secret token.
- Rate limit.
- CORS handler.
The existing rate limit and allowed origin settings used for the intake endpoint will be applied here.
As pointed out by @graphaelli , this endpoint could be abused to expose backend configuration data. To mitigate that, the UI will include a rum-enabled checkbox for users to confirm that a given service is instrumented by the RUM agent.
apm-server will receive that value from Kibana as a boolean, and it will only return configuration if it is true.
Currently backend agents derive their polling interval from the Access-Control-Max-Age header. We can have a different value for the RUM endpoint.
The RUM endpoint will provide the same functionality as as the backend endpoint with following differences:
The existing rate limit and allowed origin settings used for the intake endpoint will be applied here.
As pointed out by @graphaelli , this endpoint could be abused to expose backend configuration data. To mitigate that, the UI will include a
rum-enabledcheckbox for users to confirm that a given service is instrumented by the RUM agent.apm-server will receive that value from Kibana as a boolean, and it will only return configuration if it is true.
Currently backend agents derive their polling interval from the
Access-Control-Max-Ageheader. We can have a different value for the RUM endpoint.