Bug #10260

closed

Architecture #10127: Switch to Scala 2.12 / Lift 3.0

Lift security policy violated

Added by François ARMAND over 7 years ago. Updated over 7 years ago.

Status: Released
Priority: 2
Category: Architecture - Internal libs
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check:
Fix check:
Regression:

Description

In 4.1, I sometimes see this in the log (on my dev environment):

       | 'http://localhost:8082/rudder-web/secure/administration/policyServerManagement' from referrer 'http://localhost:8082/rudder-web/secure/administration/apiManagement':
       | 'data' was blocked because it violated the
       | directive 'img-src *'. The policy that specified
       | this directive is: 'default-src http://localhost:8082; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; style-src 'unsafe-inline' *; report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report'.

It is likely that it will break things, so it needs to be corrected, most likely by adding a new security exception in the Lift Boot configuration.
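Why `img-src *` rejects the `data` source in the log above, shown as an added example (not part of the original report, and not Rudder or Lift code): a simplified CSP source matcher run against the reported policy and against a constructed variant with `data:` added to `img-src`. `FIXED_POLICY` and all function names are assumptions; the matcher ignores paths, ports and host wildcards.

```javascript
// Policy copied from the log in the report above.
const REPORTED_POLICY =
  "default-src http://localhost:8082; font-src *; img-src *; " +
  "script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; " +
  "style-src 'unsafe-inline' *; " +
  "report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report";

// Constructed candidate fix (assumption): the data: scheme added to img-src only.
const FIXED_POLICY = REPORTED_POLICY.replace("img-src *", "img-src * data:");

// Split a policy string into a Map of directive name -> source expressions.
// As in browsers, the first occurrence of a directive wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Scheme of a URL, or a bare scheme as violation reports give it ("data").
function schemeOf(uri) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(uri);
  return (m ? m[1] : uri).toLowerCase();
}

// Does one source expression match the URI? Simplified model of CSP matching.
function sourceMatches(source, uri) {
  const scheme = schemeOf(uri);
  // '*' covers network schemes only, never data:, blob: or filesystem:.
  if (source === "*") return ["http", "https", "ws", "wss"].includes(scheme);
  // Scheme source such as "data:" matches on scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.slice(0, -1).toLowerCase() === scheme;
  if (source.startsWith("'")) return false; // keywords never match a URL
  return uri === source || uri.startsWith(source + "/"); // host source, by origin prefix
}

// Check a fetch directive, falling back to default-src when it is absent.
function allows(policy, directive, uri) {
  const directives = parsePolicy(policy);
  const sources = directives.get(directive) ?? directives.get("default-src");
  return sources === undefined || sources.some((s) => sourceMatches(s, uri));
}
```

Adding `data:` to `img-src` alone leaves `script-src` unchanged, so `data:` URLs stay blocked as script sources.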
