Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/06/10 22:05:00 UTC

[jira] [Commented] (SOLR-15453) Harmless Security Error Could Cause Issues for some Users

    [ https://issues.apache.org/jira/browse/SOLR-15453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17361243#comment-17361243 ] 

ASF subversion and git services commented on SOLR-15453:
--------------------------------------------------------

Commit ae5c62a9648a0b1bf90b2de488e31a39ce1bce94 in solr's branch refs/heads/main from Marcus
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=ae5c62a ]

SOLR-15453: permit local binary image requests (#164)



> Harmless Security Error Could Cause Issues for some Users
> ---------------------------------------------------------
>
>                 Key: SOLR-15453
>                 URL: https://issues.apache.org/jira/browse/SOLR-15453
>             Project: Solr
>          Issue Type: Improvement
>          Components: Admin UI, security
>    Affects Versions: main (9.0), 8.8.2
>            Reporter: Marcus Eagan
>            Priority: Major
>         Attachments: example_security_policy.png, main_branch.png
>
>
> There is an error globally around certain images being blocked due to violating the Content Security Policies. To address this, there needs to be a change in the jetty.xml to add the data: directive to img-src. The complete entry should look like this: img-src 'self' data:
> The main issue is that this error could lead to more challenges for some users of Solr if observed by their internal security teams even though it's not much of an issue. I could not identify which specific images were blocked.
> To reproduce, you can build master and visit the Admin UI and check the browser console.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
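
The directive change described in the issue above, as an added example (not code from Solr or from the issue): a simplified JavaScript evaluation of `img-src` showing why a `data:` image is blocked under `img-src 'self'` and passes once `data:` is listed. The policy strings, origin and image URI are constructed samples, and only keyword, scheme and exact-origin sources are handled.

```javascript
// Added example: simplified CSP image-source check (not Solr code).
// Handles 'self', 'none', '*', scheme-sources such as data:, and exact origins only.

// Constructed sample values (assumptions, not taken from Solr's jetty.xml).
const BEFORE = "default-src 'none'; img-src 'self'; script-src 'self'";
const AFTER = "default-src 'none'; img-src 'self' data:; script-src 'self'";
const ORIGIN = 'http://localhost:8983';
const INLINE_PNG = 'data:image/png;base64,iVBORw0KGgo=';

// Parse a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Decide whether an image URL loaded by a page at pageOrigin passes the policy.
function imageAllowed(policy, imageUrl, pageOrigin) {
  const directives = parseCsp(policy);
  // img-src falls back to default-src; with neither present, images are unrestricted.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl, pageOrigin);
  // An empty source list behaves like 'none': some() on [] is false.
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    // data: URLs have an opaque origin ("null"), so 'self' never matches them.
    if (s === "'self'") return url.origin === pageOrigin;
    // '*' is treated here as http/https only; data: must be listed explicitly.
    if (s === '*') return ['http:', 'https:'].includes(url.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme-source
    return url.origin === s; // exact origin match (no wildcards or paths here)
  });
}

console.log('before:', imageAllowed(BEFORE, INLINE_PNG, ORIGIN));
console.log('after: ', imageAllowed(AFTER, INLINE_PNG, ORIGIN));
```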
