This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch activemq-5.15.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.15.x by this push:
new d42bf43 AMQ-7434 - Enable Jolokia CORS strict-checking by default
d42bf43 is described below
commit d42bf43362cc4ae16b6bebe38b76e4f43a2052e3
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Tue Mar 3 14:22:04 2020 +0000
AMQ-7434 - Enable Jolokia CORS strict-checking by default
(cherry picked from commit f221072375f87c14b90b604545d6981d8df5b667)
---
.../src/release/webapps/api/WEB-INF/classes/jolokia-access.xml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git
a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
index 09f29a4..8cad1cd 100644
--- a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
+++ b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
@@ -17,6 +17,11 @@
-->
<restrict>
+ <!-- Enforce that an Origin/Referer header is present to prevent CSRF -->
+ <cors>
+ <strict-checking/>
+ </cors>
+
<!-- deny calling operations or getting attributes from these mbeans -->
<deny>
<mbean>
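Review bot: The added `<cors>` block at the top of `<restrict>` enables `<strict-checking/>` but lists no `<allow-origin>` pattern. As far as I know, Jolokia's server-side check compares the Origin/Referer value against those patterns and accepts every origin when none is configured, so this block may not reject cross-site requests; confirm against the Jolokia version bundled with this branch. If that holds, add a pattern for the expected console origin before `<strict-checking/>`, e.g. `<allow-origin>ALLOWED_ORIGIN_PATTERN</allow-origin>` (placeholder value). The comment should then state what is actually checked, e.g. `<!-- Reject requests whose Origin/Referer does not match an allowed origin (CSRF protection) -->`. The `<restrict>` element continues beyond this hunk.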
@@ -31,4 +36,4 @@
</mbean>
</deny>
-</restrict>
\ No newline at end of file
+</restrict>