[ https://issues.apache.org/jira/browse/SOLR-14634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17152740#comment-17152740 ]
ASF subversion and git services commented on SOLR-14634:
--------------------------------------------------------

Commit 5154b6008f54c9d096f5efe9ae347492c23dd780 in lucene-solr's branch refs/heads/master from Noble Paul
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=5154b60 ]

SOLR-14634: Limit the HTTP security headers to "/solr" end point (#1655)

> Limit the HTTP security headers to /solr end point
> --------------------------------------------------
>
> Key: SOLR-14634
> URL: https://issues.apache.org/jira/browse/SOLR-14634
> Project: Solr
> Issue Type: Improvement
> Security Level: Public (Default Security Level. Issues are Public)
> Affects Versions: 8.6
> Reporter: Noble Paul
> Priority: Blocker
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Ideally the CSP headers and other security headers are only required for web
> components such as html/js etc. There should be no need to send it out for a
> {{json}} or {{javabin}} response. It is unnecessary data that is being sent.
> The problem is our web UI content paths are not easy to differentiate from
> other paths. But the v2 APIs do not need to pay that price and that can be
> easily achieved by adding a pattern to the rules