mirror of https://github.com/apache/lucene.git
SOLR-14634: Limit the HTTP security headers to "/solr" end point (#1655)
parent
a88a333d54
commit
5154b6008f
|
@ -241,6 +241,8 @@ Optimizations
|
||||||
|
|
||||||
* SOLR-14554: Add BlockMax-WAND support for queries where the score is requested (Tomás Fernández Löbbe)
|
* SOLR-14554: Add BlockMax-WAND support for queries where the score is requested (Tomás Fernández Löbbe)
|
||||||
|
|
||||||
|
* SOLR-14634: Limit the HTTP security headers to "/solr" end point (noble)
|
||||||
|
|
||||||
Bug Fixes
|
Bug Fixes
|
||||||
---------------------
|
---------------------
|
||||||
* SOLR-13264: IndexSizeTrigger aboveOp / belowOp properties not in valid properties.
|
* SOLR-13264: IndexSizeTrigger aboveOp / belowOp properties not in valid properties.
|
||||||
|
|
|
@ -93,7 +93,7 @@
|
||||||
<Call name="addRule">
|
<Call name="addRule">
|
||||||
<Arg>
|
<Arg>
|
||||||
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
||||||
<Set name="pattern">*</Set>
|
<Set name="pattern">/solr/*</Set>
|
||||||
<Set name="name">Content-Security-Policy</Set>
|
<Set name="name">Content-Security-Policy</Set>
|
||||||
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
|
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
|
||||||
</New>
|
</New>
|
||||||
|
@ -102,7 +102,7 @@
|
||||||
<Call name="addRule">
|
<Call name="addRule">
|
||||||
<Arg>
|
<Arg>
|
||||||
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
||||||
<Set name="pattern">*</Set>
|
<Set name="pattern">/solr/*</Set>
|
||||||
<Set name="name">X-Content-Type-Options</Set>
|
<Set name="name">X-Content-Type-Options</Set>
|
||||||
<Set name="value">nosniff</Set>
|
<Set name="value">nosniff</Set>
|
||||||
</New>
|
</New>
|
||||||
|
@ -111,7 +111,7 @@
|
||||||
<Call name="addRule">
|
<Call name="addRule">
|
||||||
<Arg>
|
<Arg>
|
||||||
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
||||||
<Set name="pattern">*</Set>
|
<Set name="pattern">/solr/*</Set>
|
||||||
<Set name="name">X-Frame-Options</Set>
|
<Set name="name">X-Frame-Options</Set>
|
||||||
<Set name="value">SAMEORIGIN</Set>
|
<Set name="value">SAMEORIGIN</Set>
|
||||||
</New>
|
</New>
|
||||||
|
@ -120,7 +120,7 @@
|
||||||
<Call name="addRule">
|
<Call name="addRule">
|
||||||
<Arg>
|
<Arg>
|
||||||
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
|
||||||
<Set name="pattern">*</Set>
|
<Set name="pattern">/solr/*</Set>
|
||||||
<Set name="name">X-XSS-Protection</Set>
|
<Set name="name">X-XSS-Protection</Set>
|
||||||
<Set name="value">1; mode=block</Set>
|
<Set name="value">1; mode=block</Set>
|
||||||
</New>
|
</New>
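Review bot: The four `<Set name="pattern">/solr/*</Set>` rules (Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection) hard-code the context path, and nothing in the file records why the scope was narrowed or which responses now go out without these headers. Anything this Jetty instance serves outside `/solr/*` on the same origin (the root, error pages, any other context) will presumably no longer carry the CSP, MIME-sniffing and framing protections. If the webapp can be deployed under a different context path, the rules would silently match nothing. I would add a comment above the first rule, for example `<!-- Security headers apply to the Solr webapp only; keep this pattern in sync with the webapp context path -->`, and confirm that no other content on this origin relied on the old `*` pattern. The enclosing rewrite-handler element starts and ends outside the hunks shown.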
|
||||||
|
|