[kudu-CR] [www] Add CSP header to web UI

Thu, 14 Jul 2022 12:44:00 -0700 

Khazar Mammadli has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/18285 )

Change subject: [www] Add CSP header to web UI
......................................................................


Patch Set 5:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc
File src/kudu/server/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc@96
PS4, Line 96: TAG_FLAG(webserver_enable_csp, runtime);
> This new flag is also run-time by the way how it's implemented, so it makes
Done


http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc@648
PS4, Line 648:   vector<string> encodings = strings::Split(accept_encoding_str, 
",");
> style nit: put the space back
I think my IDE is up to some shady business as I've not modified the said 
lines, I'll take a closer look, as these don't even pop up on git diff


http://gerrit.cloudera.org:8080/#/c/18285/4/src/kudu/server/webserver.cc@689
PS4, Line 689:   if (PREDICT_TRUE(FLAGS_webserver_enable_csp)) {
             :     oss << "Content-Security-Policy: default-src 'self';"
             :     // This hash has to be updated whenever kudu.css, 
bootstrap.min.css ,
             :     // bootstrap-table.min.css files change. The easiest way to 
obtain this hash is through browser/js
             :     // console. It is embedded in the error message.
             :         << "style-src 'self' 'unsafe-
> nit: the indent is incorrect for this block
done



--
To view, visit http://gerrit.cloudera.org:8080/18285
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I411d8f4ca079bfd5584f563aeeaa867833eb1106
Gerrit-Change-Number: 18285
Gerrit-PatchSet: 5
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Khazar Mammadli <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Thu, 14 Jul 2022 19:43:45 +0000
Gerrit-HasComments: Yes

Reply via email to