[
https://issues.apache.org/jira/browse/SOLR-15453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcus Eagan updated SOLR-15453:
--------------------------------
Security: (was: Private (Security Issue))
> Harmless Security Error Could Cause Issues for some Users
> ---------------------------------------------------------
>
> Key: SOLR-15453
> URL: https://issues.apache.org/jira/browse/SOLR-15453
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, security
> Affects Versions: main (9.0), 8.8.2
> Reporter: Marcus Eagan
> Priority: Major
> Attachments: example_security_policy.png, main_branch.png
>
>
> There is an error globally around certain images being blocked due to
> violating the Content Security Policies. To address this, there needs to be a
> change in the jetty.xml to add the data: directive to img-src. The complete
> entry should look like this: img-src 'self' data:
> The main issue is that this error could lead to more challenges for some
> users of Solr if observed by their internal security teams even though it's
> not much of an issue. I could not identify which specific images were blocked.
> To reproduce, you can build master and visit the Admin UI and check the
> browser console.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
