Actions
Bug #10260
closedArchitecture #10127: Switch to Scala 2.12 / Lift 3.0
Lift security policy violated
Status:
Released
Priority:
2
Assignee:
Category:
Architecture - Internal libs
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
In 4.1, I sometime see that in log (on my dev environement):
| 'http://localhost:8082/rudder-web/secure/administration/policyServerManagement' from referrer 'http://localhost:8082/rudder-web/secure/administration/apiManagement': | 'data' was blocked because it violated the | directive 'img-src *'. The policy that specified | this directive is: 'default-src http://localhost:8082; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; style-src 'unsafe-inline' *; report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report'.
It is likelly that it will break things so it need to be corrected, most likely by adding new security exception in Lift Boot configuration.
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~rc1 to 4.1.0
Updated by Nicolas CHARLES almost 8 years ago
it also happens in non dev environment
I had it for a short while after upgrading from 4 -> 4.1, with issues in SELinux
Updated by François ARMAND almost 8 years ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND almost 8 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/1570
Updated by François ARMAND almost 8 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|956180c822243b7b3d88d95765c1f62460a30c7b.
Updated by Benoît PECCATTE over 7 years ago
- Status changed from Pending release to Released
- Priority set to 0
This bug has been fixed in Rudder 4.1.0 which was released today.
- 4.1.0: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/
Actions