Posted to commits@solr.apache.org by ho...@apache.org on 2021/06/10 22:04:18 UTC
[solr] branch main updated: SOLR-15453: permit local binary image requests (#164)
This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new ae5c62a SOLR-15453: permit local binary image requests (#164)
ae5c62a is described below
commit ae5c62a9648a0b1bf90b2de488e31a39ce1bce94
Author: Marcus <ma...@gmail.com>
AuthorDate: Thu Jun 10 18:04:08 2021 -0400
SOLR-15453: permit local binary image requests (#164)
---
solr/CHANGES.txt | 2 ++
solr/server/etc/jetty.xml | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index bd62b6f..dd93909 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -139,6 +139,8 @@ when told to. The admin UI now tells it to. (Nazerke Seidan, David Smiley)
and a templated path. The collection or core name is now in the db.instance tag.
(David Smiley)
+* SOLR-15453: Update the content security policy in Jetty to allow image requests from local host and prevent security errors on the client side. (MarcusSorealheis via Houston Putman)
+
Other Changes
----------------------
* SOLR-14656: Autoscaling framework removed (Ishan Chattopadhyaya, noble, Ilan Ginzburg)
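Review bot: the new CHANGES.txt entry describes the change as allowing image requests "from local host", but the jetty.xml hunk in this same commit adds the `data:` scheme to `img-src`, which permits inline data URIs and is not a host-based source. Suggest wording the entry to name the actual directive change, for example "add data: to img-src in the Content-Security-Policy header", so an operator auditing the response header can match the entry to what they see.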
diff --git a/solr/server/etc/jetty.xml b/solr/server/etc/jetty.xml
index e2f4ab0..f2cf331 100644
--- a/solr/server/etc/jetty.xml
+++ b/solr/server/etc/jetty.xml
@@ -95,7 +95,7 @@
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">/solr/*</Set>
<Set name="name">Content-Security-Policy</Set>
- <Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
+ <Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
</New>
</Arg>
</Call>
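Review bot: the `img-src 'self' data:` value on the `+` line applies to every response matching the `/solr/*` pattern, and the hunk shows no comment explaining why `data:` is needed. Suggest an XML comment above this HeaderPatternRule that references SOLR-15453 and names the resource that requires inline images, so a later tightening of the policy does not drop the source blindly or widen it further. The remaining directives are unchanged, including `script-src 'self'`, so the relaxation is confined to image loads; the comment could state that as well.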