gerlowskija opened a new pull request, #4110: URL: https://github.com/apache/solr/pull/4110
https://issues.apache.org/jira/browse/SOLR-18102 # Description A recent CVE fix added in some path normalization to HttpSolrCall, but neglected to update some special-casing we have when serving the static Admin UI files. This resulted in users visiting the Admin UI with auth enabled to get 401s, without a chance to authenticate themselves in the browser. # Solution This commit updates the special-casing in HttpSolrCall to be more flexible and handle the post-normalization Admin UI paths. (This PR fixes an unreleased issue, so I'm omitting a changelog entry.) # Tests Unfortunately we don't have any Selenium or other tests for our Admin UI, so I've mostly had to test this manually for now. # Checklist Please review the following and check all that apply: - [x] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability. - [x] I have created a Jira issue and added the issue ID to my pull request title. - [x] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation) - [x] I have developed this patch against the `main` branch. - [x] I have run `./gradlew check`. - [x] I have added tests for my changes. - [ ] I have added a [changelog entry](https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc) for my change -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
