Posted to commits@lucene.apache.org by no...@apache.org on 2020/07/07 12:33:29 UTC
[lucene-solr] 01/01: SOLR-14634: Limit the HTTP security headers to
"/solr" end point
This is an automated email from the ASF dual-hosted git repository.
noble pushed a commit to branch jira/solr14634
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
commit af78d680e6604a586e782c3dbb1a85368b80e7f1
Author: noblepaul <no...@gmail.com>
AuthorDate: Tue Jul 7 22:32:39 2020 +1000
SOLR-14634: Limit the HTTP security headers to "/solr" end point
---
solr/server/etc/jetty.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/solr/server/etc/jetty.xml b/solr/server/etc/jetty.xml
index ecd4f22..e2f4ab0 100644
--- a/solr/server/etc/jetty.xml
+++ b/solr/server/etc/jetty.xml
@@ -93,7 +93,7 @@
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
- <Set name="pattern">*</Set>
+ <Set name="pattern">/solr/*</Set>
<Set name="name">Content-Security-Policy</Set>
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
</New>
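Review bot: The hard-coded `/solr/*` pattern on the Content-Security-Policy rule, and likewise on the X-Content-Type-Options, X-Frame-Options and X-XSS-Protection rules in the three hunks that follow, means any response Jetty serves outside that prefix (a root redirect, a container-generated error page, another context) no longer carries these headers, and nothing in the file records that this is intended. If the Solr webapp can be mounted under a different context path, which is not visible in this diff, the rules would silently stop matching and the headers would disappear entirely. I would add a comment above the first rule, for example `<!-- Security headers are scoped to /solr/*; keep this pattern in sync with the webapp context path -->`, and confirm that nothing browser-rendered is served outside `/solr`. The enclosing rewrite handler element starts and ends outside these hunks.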
@@ -102,7 +102,7 @@
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
- <Set name="pattern">*</Set>
+ <Set name="pattern">/solr/*</Set>
<Set name="name">X-Content-Type-Options</Set>
<Set name="value">nosniff</Set>
</New>
@@ -111,7 +111,7 @@
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
- <Set name="pattern">*</Set>
+ <Set name="pattern">/solr/*</Set>
<Set name="name">X-Frame-Options</Set>
<Set name="value">SAMEORIGIN</Set>
</New>
@@ -120,7 +120,7 @@
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
- <Set name="pattern">*</Set>
+ <Set name="pattern">/solr/*</Set>
<Set name="name">X-XSS-Protection</Set>
<Set name="value">1; mode=block</Set>
</New>