  1. Solr
  2. SOLR-14634

Limit the HTTP security headers to /solr end point

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 8.6
    • 8.7
    • None
    • None

    Description

      Ideally the CSP headers and other security headers are only required for web components such as HTML/JS etc. There should be no need to send them out for a JSON or javabin response. It is unnecessary data that is being sent.

      The problem is that our web UI content paths are not easy to differentiate from other paths. But the v2 APIs do not need to pay that price, and that can be easily achieved by adding a pattern to the rules.
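
One way a path-scoped header rule of this kind can look, as an added example that is not taken from the issue or from Solr's shipped configuration. It assumes the "rules" are Jetty rewrite-handler rules (`HeaderPatternRule`), and the catch-all pattern and the header value are constructed for illustration.

```xml
<!-- Added illustration; assumes Jetty's rewrite module is on the classpath. -->
<New id="RewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler">

  <!-- Broad form (constructed): a catch-all pattern attaches the header to
       every response, including JSON and javabin API responses.

       <Set name="pattern">/*</Set>
  -->

  <!-- Scoped form: only requests under /solr receive the header. Requests
       to the v2 API, which Solr serves under /api, do not match this
       pattern and are sent without it. -->
  <Call name="addRule">
    <Arg>
      <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
        <Set name="pattern">/solr/*</Set>
        <Set name="name">Content-Security-Policy</Set>
        <!-- Constructed sample policy, not Solr's actual CSP value -->
        <Set name="value">default-src 'self'; frame-ancestors 'none'</Set>
      </New>
    </Arg>
  </Call>

  <!-- Each additional security header gets its own rule with the same
       scoped pattern, so the set of protected paths stays consistent. -->
  <Call name="addRule">
    <Arg>
      <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
        <Set name="pattern">/solr/*</Set>
        <Set name="name">X-Frame-Options</Set>
        <Set name="value">SAMEORIGIN</Set>
      </New>
    </Arg>
  </Call>
</New>
```

After a change like this, requesting a UI path and an API path with `curl -I` and comparing the response headers confirms that the UI content still carries the policy.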

            People

              noble.paul Noble Paul
              noble.paul Noble Paul
                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 0.5h