[ https://issues.apache.org/jira/browse/SOLR-14634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ishan Chattopadhyaya resolved SOLR-14634.
-----------------------------------------
    Fix Version/s: 8.7
       Resolution: Fixed

> Limit the HTTP security headers to /solr end point
> --------------------------------------------------
>
>                 Key: SOLR-14634
>                 URL: https://issues.apache.org/jira/browse/SOLR-14634
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public (Default Security Level. Issues are Public)
>    Affects Versions: 8.6
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Blocker
>             Fix For: 8.7
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Ideally the CSP headers and other security headers are only required for web
> components such as html/js etc. There should be no need to send it out for a
> {{json}} or {{javabin}} response. It is unnecessary data that is being sent.
> The problem is our web UI content paths are not easy to differentiate from
> other paths. But the v2 APIs do not need to pay that price and that can be
> easily achieved by adding a pattern to the rules