[ https://issues.apache.org/jira/browse/SOLR-15453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17361243#comment-17361243 ]

ASF subversion and git services commented on SOLR-15453:
--------------------------------------------------------

Commit ae5c62a9648a0b1bf90b2de488e31a39ce1bce94 in solr's branch 
refs/heads/main from Marcus
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=ae5c62a ]

SOLR-15453: permit local binary image requests (#164)



> Harmless Security Error Could Cause Issues for some Users
> ---------------------------------------------------------
>
>                 Key: SOLR-15453
>                 URL: https://issues.apache.org/jira/browse/SOLR-15453
>             Project: Solr
>          Issue Type: Improvement
>          Components: Admin UI, security
>    Affects Versions: main (9.0), 8.8.2
>            Reporter: Marcus Eagan
>            Priority: Major
>         Attachments: example_security_policy.png, main_branch.png
>
>
> There is an error globally around certain images being blocked due to 
> violating the Content Security Policies. To address this, there needs to be a 
> change in the jetty.xml to add the data: directive to img-src. The complete 
> entry should look like this: img-src 'self' data:
> The main issue is that this error could lead to more challenges for some 
> users of Solr if observed by their internal security teams even though it's 
> not much of an issue. I could not identify which specific images were blocked.
> To reproduce, you can build master and visit the Admin UI and check the 
> browser console.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
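
Added example (not part of the original message and not Solr's or any browser's code): a simplified model of how an image URL is matched against a Content-Security-Policy, showing why a data: image is blocked under img-src 'self' and loads once data: is listed. The origin, the sample image and the "before" policy are assumptions; only the source expressions named in the comments are handled.

```javascript
// Simplified model of CSP image-source matching (added illustration).

// Parse "img-src 'self' data:; default-src 'none'" into a directive map.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Decide whether an image may load. Supports only 'none', '*', 'self',
// scheme sources such as data:, and exact origins (no wildcards or paths).
function imageAllowed(header, imageUrl, pageOrigin) {
  const policy = parseCsp(header);
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl, pageOrigin);
  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'none'") return false;
    // '*' covers network schemes only; data: has to be listed explicitly.
    if (src === '*') return ['http:', 'https:'].includes(url.protocol);
    if (src === "'self'") return url.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
    return url.origin === src;
  });
}

// Constructed inputs: the origin and data: URI are made up; BEFORE is the
// assumed img-src entry prior to the change, AFTER is the entry quoted above.
const ORIGIN = 'http://localhost:8983';
const INLINE_IMAGE = 'data:image/png;base64,iVBORw0KGgo=';
const BEFORE = "img-src 'self'";
const AFTER = "img-src 'self' data:";
console.log('before:', imageAllowed(BEFORE, INLINE_IMAGE, ORIGIN));
console.log('after: ', imageAllowed(AFTER, INLINE_IMAGE, ORIGIN));
```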
