Actions
Bug #10260
closed
Architecture #10127: Switch to Scala 2.12 / Lift 3.0
Lift security policy violated
Status:
Released
Priority:
2
Assignee:
Category:
Architecture - Internal libs
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
In 4.1, I sometime see that in log (on my dev environement):
| 'http://localhost:8082/rudder-web/secure/administration/policyServerManagement' from referrer 'http://localhost:8082/rudder-web/secure/administration/apiManagement':
| 'data' was blocked because it violated the
| directive 'img-src *'. The policy that specified
| this directive is: 'default-src http://localhost:8082; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; style-src 'unsafe-inline' *; report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report'.
It is likelly that it will break things so it need to be corrected, most likely by adding new security exception in Lift Boot configuration.
Updated by 
Updated by 
Updated by 
Updated by
Actions