Description
Followup from SOLR-13982: currently any CSP is weak because it must allow this eval: means arbitrary javascript can still be executed.
Let's fix the admin UI to not require eval so it can be disabled by the browser.
Attachments
Attachments
Issue Links
- is related to
-
SOLR-14039 SOLR-13987 broke multiple node /select handler due to jetty.xml whitespace
- Closed
- relates to
-
SOLR-14176 Graph of SolrCloud is not shown in UI
- Resolved
-
SOLR-13982 set security-related http response headers by default
- Closed
-
SOLR-14014 Allow Solr to start with Admin UI disabled
- Closed
- links to