Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/18285 )
Change subject: [www] Add CSP header to web UI ...................................................................... Patch Set 4: Code-Review+1 (2 comments) http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc File src/kudu/server/webserver.cc: http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc@648 PS4, Line 648: for (string& encoding: encodings) { style nit: put the space back Overall, please refrain from updating non-relevant parts of the code -- that didn't help in reviewing and tracking changes in posterity. If you want to update some aspects of the code which are not directly related to the essence of one patch, you can always put together a separate patch and post it for review. http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc@689 PS4, Line 689: oss << "Content-Security-Policy: default-src 'self';" : // This hash has to be updated whenever kudu.css, bootstrap.min.css , : // bootstrap-table.min.css files change. The easiest way to obtain this hash is through browser/js : // console. It is embedded in the error message. : << "style-src 'self' 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';" : << "img-src 'self' data:;\r\n"; nit: the indent is incorrect for this block -- To view, visit http://gerrit.cloudera.org:8080/18285 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I411d8f4ca079bfd5584f563aeeaa867833eb1106 Gerrit-Change-Number: 18285 Gerrit-PatchSet: 4 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Khazar Mammadli <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Thu, 14 Jul 2022 19:27:16 +0000 Gerrit-HasComments: Yes
