laminelam commented on PR #1792: URL: https://github.com/apache/solr/pull/1792#issuecomment-1699940578
> * Add refguide docs > * CHANGES entry > * Constant naming > * Backend part of CSP header Will the CHANGEs entry. Here are the main changes to the patch: - In line with the security best practice of granting minimal necessary permissions, adjusted the _registerTokenEndpointForCsp_() method to incorporate the precise URL for the /token endpoint rather than a more general host:port based URL. - Thought providing the capability of passing the URLs as a comma-separated list is less confusing for the end-user/operator compared to using a prefix-based system property name. This approach also enables more concise implementation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
