Joshuaariolu opened a new issue, #789:
URL: https://github.com/apache/solr-operator/issues/789

   I'm running Apache Solr 9.8.0 on Amazon EKS using Helm. I want to modify the 
security-related HTTP headers that Solr sets—specifically, I want to remove 
'unsafe-inline' from the Content-Security-Policy (CSP) header. How can I 
achieve this?
   
   Currently, the CSP is defined in the Jetty configuration (likely in 
jetty.yaml or jetty-rewrite.xml) with a rule like this:
   
   <!-- security-related headers -->
   <Call name="addRule">
     <Arg>
       <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
         <Set name="pattern">/solr/*</Set>
         <Set name="name">Content-Security-Policy</Set>
         <Set name="value">
           default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self';
           frame-ancestors 'none'; img-src 'self' data:; media-src 'self';
           style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';
         </Set>
       </New>
     </Arg>
   </Call>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
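
An added example, not part of the original issue and not Solr's or the operator's own code: a Python check that reads a Jetty rewrite configuration like the rule quoted above, reports CSP sources such as 'unsafe-inline', and prints the header value with them removed. SAMPLE_XML is constructed from the quoted rule; the function names and the UNSAFE set are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rule quoted in the issue, wrapped in a root element so it parses alone.
SAMPLE_XML = """<Configure><Call name="addRule"><Arg>
  <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
    <Set name="pattern">/solr/*</Set>
    <Set name="name">Content-Security-Policy</Set>
    <Set name="value">
      default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none';
      img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';
    </Set>
  </New>
</Arg></Call></Configure>"""
UNSAFE = {"'unsafe-inline'", "'unsafe-eval'"}  # assumption: the sources this check flags

def csp_values(xml_text):
    """Yield the value of every HeaderPatternRule that sets Content-Security-Policy."""
    for rule in ET.fromstring(xml_text).iter("New"):
        sets = {s.get("name"): (s.text or "") for s in rule.findall("Set")}
        if (rule.get("class", "").endswith("HeaderPatternRule")
                and sets.get("name", "").strip().lower() == "content-security-policy"):
            yield sets.get("value", "")

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; a repeated directive keeps its first form."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(policy):
    """List the (directive, source) pairs that weaken the policy."""
    return [(d, s) for d, srcs in policy.items() for s in srcs if s.lower() in UNSAFE]

def harden(policy):
    """Serialize the policy without unsafe sources; a directive left with none becomes 'none'."""
    parts = []
    for d, srcs in policy.items():
        kept = [s for s in srcs if s.lower() not in UNSAFE]
        if srcs and not kept:
            kept = ["'none'"]  # deny outright rather than emit an empty source list
        parts.append(" ".join([d] + kept))
    return "; ".join(parts) + ";"

if __name__ == "__main__":
    for policy in map(parse_csp, csp_values(SAMPLE_XML)):
        print(audit(policy), harden(policy), sep="\n")
```

Browsers block inline styles once 'unsafe-inline' is gone from style-src, so load the Admin UI against the hardened value before rolling it out.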

