janhoy commented on PR #1792:
URL: https://github.com/apache/solr/pull/1792#issuecomment-1697241385

   > > Eager to get this into 9.4. Let me know if we can help finalizing these two PRs
   > 
   > @janhoy I should push a new commit sometime today. I have changed your CSP patch a little bit, I just need to add a test class for LoadAdminUiServlet.
   
   Cool. In my patch I completely disabled the CSP response for all endpoints 
other than the `AdminUIServlet`. I cannot see a reason to return that header for 
other endpoints. The only one I can think of is if you have a Solr package that 
exposes another UI on some path, it could be nice to protect that UI with CSP 
rules, so if it would be possible to have some fallback CSP header for all 
other requests perhaps?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
