[ 
https://issues.apache.org/jira/browse/SOLR-14634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Noble Paul reassigned SOLR-14634:
---------------------------------

    Assignee: Noble Paul

> Limit the HTTP security headers to /solr end point
> --------------------------------------------------
>
>                 Key: SOLR-14634
>                 URL: https://issues.apache.org/jira/browse/SOLR-14634
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 8.6
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Blocker
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Ideally the CSP headers and other security headers are only required for web 
> components such as html/js etc. There should be no need to send it out for a 
> {{json}} or {{javabin}} response. It is unnecessary data that is being sent.
> The problem is our web UI content paths are not easy to differentiate from 
> other paths. But the v2 APIs do not need to pay that price and that can be 
> easily achieved by adding a pattern to the rules.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
