janhoy commented on code in PR #1792: URL: https://github.com/apache/solr/pull/1792#discussion_r1311708090
########## solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java: ########## 
@@ -60,20 +66,49 @@ public void doGet(HttpServletRequest _request, HttpServletResponse _response) th if (in != null && cores != null) { response.setCharacterEncoding("UTF-8"); response.setContentType("text/html"); + String connectSrc = generateCspConnectSrc(); + response.setHeader( + HttpHeaders.CONTENT_SECURITY_POLICY, + "default-src 'none'; base-uri 'none'; connect-src " + + connectSrc + + "; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';"); // We have to close this to flush OutputStreamWriter buffer try (Writer out = new OutputStreamWriter( CloseShieldOutputStream.wrap(response.getOutputStream()), StandardCharsets.UTF_8)) { - Package pack = SolrCore.class.getPackage(); String html = new String(in.readAllBytes(), StandardCharsets.UTF_8) - .replace("${version}", pack.getSpecificationVersion()); + .replace("${version}", getSolrCorePackageSpecVersion()); out.write(html); } } else { response.sendError(404); } } } + + /** + * Retrieves the specification version of the SolrCore package. + * + * <p>This method is primarily introduced to facilitate unit testing + * + * @return The specification version of the SolrCore class's package or Unknown if it's + * unavailable. + */ + protected String getSolrCorePackageSpecVersion() { Review Comment: Precommit checks fail due to this. Change to private: ```suggestion private String getSolrCorePackageSpecVersion() { ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. 
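Review bot: The value returned by `generateCspConnectSrc()` is concatenated straight into the Content-Security-Policy header in `doGet`, and nothing visible in this hunk checks it, so a `;` inside it would close the `connect-src` directive and append a directive the fixed policy string never intended. The helper's body is not shown here; if it builds the source list from configuration (the name suggests this, the hunk does not confirm it), each entry should be validated before joining, for example `if (!entry.matches("[^;,\\s]+")) { /* skip the entry and log it */ }`. Separately, `style-src 'self' 'unsafe-inline'` is the one relaxation in an otherwise strict policy and deserves a comment above `response.setHeader(` saying what needs it, such as `// 'unsafe-inline' for styles is needed by <UI component>; drop it once inline styles are gone`. `doGet` begins before this hunk and the body of `getSolrCorePackageSpecVersion()` continues past its end, so neither is reviewed in full here.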