You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Noble Paul (Jira)" <ji...@apache.org> on 2020/07/07 13:21:00 UTC
[jira] [Assigned] (SOLR-14634) Limit the HTTP security headers to
/solr end point
[ https://issues.apache.org/jira/browse/SOLR-14634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul reassigned SOLR-14634:
---------------------------------
Assignee: Noble Paul
> Limit the HTTP security headers to /solr end point
> --------------------------------------------------
>
> Key: SOLR-14634
> URL: https://issues.apache.org/jira/browse/SOLR-14634
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 8.6
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Blocker
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Ideally the CSP headers and other security headers are only required for web components such as html/js etc. There should be no need to send it out for a {{json}} or{{ javabin}} response. It is unnecessary data that is being sent.
> The problem is our web UI content paths are not easy to differentiate from other paths. But the v2 APIs do not need to pay that price and that can be easily achieved by adding a pattern to the rules
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org