[jira] [Updated] (SOLR-7966) Solr Admin pages should set X-Frame-Options to DENY

Yonik Seeley (JIRA) Mon, 24 Aug 2015 19:51:07 -0700

     [ 
https://issues.apache.org/jira/browse/SOLR-7966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yonik Seeley updated SOLR-7966:
-------------------------------
    Attachment: SOLR-7966.patch

OK, here's a patch that works fine via testing by hand,
but unfortunately I'm not sure how to do a unit test.
I don't even seem to be able to retrieve the main admin page itself.

Something like
http://localhost:8983/solr/#/
works fine by hand.

Anyone have pointers how to test this stuff?

> Solr Admin pages should set X-Frame-Options to DENY
> ---------------------------------------------------
>
>                 Key: SOLR-7966
>                 URL: https://issues.apache.org/jira/browse/SOLR-7966
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Yonik Seeley
>            Priority: Trivial
>         Attachments: SOLR-7966.patch
>
>
> Security scan software reported that Solr's admin interface is vulnerable to 
> clickjacking, which is fixable with the X-Frame-Options HTTP header.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (SOLR-7966) Solr Admin pages should set X-Frame-Options to DENY

Reply via email to