laminelam commented on code in PR #1792:
URL: https://github.com/apache/solr/pull/1792#discussion_r1311932809


##########
solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java:
##########
@@ -60,20 +66,49 @@ public void doGet(HttpServletRequest _request, 
HttpServletResponse _response) th
       if (in != null && cores != null) {
         response.setCharacterEncoding("UTF-8");
         response.setContentType("text/html");
+        String connectSrc = generateCspConnectSrc();
+        response.setHeader(
+            HttpHeaders.CONTENT_SECURITY_POLICY,
+            "default-src 'none'; base-uri 'none'; connect-src "
+                + connectSrc
+                + "; form-action 'self'; font-src 'self'; frame-ancestors 
'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 
'unsafe-inline'; script-src 'self'; worker-src 'self';");
 
         // We have to close this to flush OutputStreamWriter buffer
         try (Writer out =
             new OutputStreamWriter(
                 CloseShieldOutputStream.wrap(response.getOutputStream()), 
StandardCharsets.UTF_8)) {
-          Package pack = SolrCore.class.getPackage();
           String html =
               new String(in.readAllBytes(), StandardCharsets.UTF_8)
-                  .replace("${version}", pack.getSpecificationVersion());
+                  .replace("${version}", getSolrCorePackageSpecVersion());
           out.write(html);
         }
       } else {
         response.sendError(404);
       }
     }
   }
+
+  /**
+   * Retrieves the specification version of the SolrCore package.
+   *
+   * <p>This method is primarily introduced to facilitate unit testing
+   *
+   * @return The specification version of the SolrCore class's package or 
Unknown if it's
+   *     unavailable.
+   */
+  protected String getSolrCorePackageSpecVersion() {
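Review bot: The `connectSrc` value is concatenated into the Content-Security-Policy header with no validation visible in this hunk, and `generateCspConnectSrc()` is defined outside it. If that method includes any operator-configured value, a stray `;` in it would append or override directives in the policy, so it should accept only well-formed source expressions; at minimum record the contract at the call site with `// connectSrc: space-separated source expressions only, no ';' or control characters`. The `'unsafe-inline'` in `style-src` also deserves a one-line comment saying why the admin UI needs it, since it relaxes an otherwise strict policy. The body of `getSolrCorePackageSpecVersion()` continues past the end of the quoted hunk.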

Review Comment:
   done


