Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/18285 )
Change subject: [www] Add CSP header to web UI
......................................................................

Patch Set 1:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/18285/1//COMMIT_MSG
Commit Message:

PS1:
> I think this should be possible, a unit test would suffice just by knowing
Right -- the idea is to have a unit test to make sure the expected header is present in the responses and spot future regressions, if any. The scope of tests in webserver-test.cc is exactly that.

http://gerrit.cloudera.org:8080/#/c/18285/1/src/kudu/server/webserver.cc
File src/kudu/server/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/18285/1/src/kudu/server/webserver.cc@684
PS1, Line 684: Content-Security-Policy
> Don't think that adding the header might cause an issue, but it is a good i
Right -- you never know when you encounter the next incompatibility down the road, and having a kill switch for a new feature helps to lessen the risk of making Kudu webUI unusable in such situations.

http://gerrit.cloudera.org:8080/#/c/18285/1/src/kudu/server/webserver.cc@685
PS1, Line 685: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
> CSP blocks the inline styles when it's enabled, this is a workaround to be a
The ask is to provide at least instructions in the comment: when to update the hash and how.

--
To view, visit http://gerrit.cloudera.org:8080/18285

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I411d8f4ca079bfd5584f563aeeaa867833eb1106
Gerrit-Change-Number: 18285
Gerrit-PatchSet: 1
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Khazar Mammadli <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 13 Jul 2022 18:22:19 +0000
Gerrit-HasComments: Yes
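
An added example, not part of this review or of Kudu's code: one way to tell when a pinned CSP style hash needs updating is to recompute the hash of every inline `<style>` block a page serves and compare it with the policy's `style-src` list. The hash quoted in the thread is the base64 SHA-256 of empty content; the `POLICY` string and all function names below are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed sample policy; only the hash value comes from the review thread.
POLICY = "default-src 'self'; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='"

def csp_hash(text: str) -> str:
    """Return the CSP hash-source value (without quotes) for inline content."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")

class _StyleBlocks(HTMLParser):
    """Collects the exact text of every <style> element, including empty ones."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.blocks, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._buf = ""

    def handle_data(self, data):
        if self._buf is not None:
            self._buf += data  # whitespace counts: the browser hashes it too

    def handle_endtag(self, tag):
        if tag == "style" and self._buf is not None:
            self.blocks.append(self._buf)
            self._buf = None

def style_hashes_in_policy(policy: str) -> set:
    """Hash sources listed in style-src, falling back to default-src."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            directives.setdefault(tokens[0].lower(), tokens[1:])
    sources = directives.get("style-src", directives.get("default-src", []))
    return {s.strip("'") for s in sources if s.startswith("'sha256-")}

def unlisted_style_hashes(html: str, policy: str) -> list:
    """Hashes of inline <style> blocks that the policy would block."""
    parser = _StyleBlocks()
    parser.feed(html)
    parser.close()
    allowed = style_hashes_in_policy(policy)
    return [h for h in map(csp_hash, parser.blocks) if h not in allowed]
```

A non-empty result from `unlisted_style_hashes` means an inline style changed and the listed values are the hashes the policy would need.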
