AMQ-7434 - Enable Jolokia CORS strict-checking by default

2020-03-03 14:22:04 +00:00 · 2020-03-03 14:22:04 +00:00 · f221072375
parent 578051fdea
commit f221072375
1 changed files with 6 additions and 1 deletions
--- a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
+++ b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
@ -17,6 +17,11 @@
 -->
 <restrict>

+  <!-- Enforce that an Origin/Referer header is present to prevent CSRF -->
+  <cors>
+    <strict-checking/>
+  </cors>
+
  <!-- deny calling operations or getting attributes from these mbeans -->
  <deny>
    <mbean>
@ -31,4 +36,4 @@
    </mbean>
  </deny>

-</restrict>
+</restrict>