Bug #10260

closed

Architecture #10127: Switch to Scala 2.12 / Lift 3.0

Lift security policy violated

Added by François ARMAND over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
2
Category:
Architecture - Internal libs
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

In 4.1, I sometimes see this in the log (on my dev environment):

       | 'http://localhost:8082/rudder-web/secure/administration/policyServerManagement' from referrer 'http://localhost:8082/rudder-web/secure/administration/apiManagement':
       | 'data' was blocked because it violated the
       | directive 'img-src *'. The policy that specified
       | this directive is: 'default-src http://localhost:8082; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; style-src 'unsafe-inline' *; report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report'.

It is likely that it will break things, so it needs to be corrected, most likely by adding a new security exception in the Lift Boot configuration.
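The violation in the log above follows from how CSP source matching works: the `*` source expression covers network schemes only, so a `data:` image is blocked by `img-src *` unless `data:` is listed explicitly. The following is an added example, not part of the original report or of Rudder's code; it is a simplified matcher, and the `FIXED_POLICY` string, `ORIGIN` and `DATA_IMG` are assumptions constructed for illustration rather than the change made in the pull request.

```javascript
// Added example: simplified CSP source matching for image loads (not full CSP3).
// Policy string copied from the log excerpt in this report.
const POLICY =
  "default-src http://localhost:8082; font-src *; img-src *; " +
  "script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; " +
  "style-src 'unsafe-inline' *; " +
  "report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report";
// Assumed corrected policy: same header with data: allowed for images only.
const FIXED_POLICY = POLICY.replace("img-src *", "img-src * data:");
// Constructed sample inputs.
const ORIGIN = "http://localhost:8082";
const DATA_IMG = "data:image/png;base64,iVBORw0KGgo=";

// Schemes the '*' source expression covers (simplified); data:, blob: and
// filesystem: are never matched by '*' and must be listed explicitly.
const NETWORK_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);

// Split "name src src; name src" into a Map; the first copy of a directive wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  const u = new URL(url);
  if (source === "*") return NETWORK_SCHEMES.has(u.protocol);
  if (source === "'self'") return u.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return u.protocol === source.toLowerCase();
  // Host source with explicit scheme (paths and host wildcards not handled).
  try {
    return u.origin !== "null" && new URL(source).origin === u.origin;
  } catch {
    return false; // keywords such as 'none' or 'unsafe-inline' never match a URL
  }
}

// img-src governs image loads; default-src is the fallback when it is absent.
function imageAllowed(policy, url, selfOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives.get("img-src") ?? directives.get("default-src");
  if (!sources) return true; // no governing directive, nothing to enforce
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

console.log(imageAllowed(POLICY, DATA_IMG, ORIGIN), imageAllowed(FIXED_POLICY, DATA_IMG, ORIGIN));
```

Scoping the exception to `img-src` keeps `data:` out of `default-src` and `script-src`, so the policy is relaxed for inline images only.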

Actions #1

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.1.0~rc1 to 4.1.0
Actions #2

Updated by Nicolas CHARLES over 7 years ago

It also happens in non-dev environments.
I had it for a short while after upgrading from 4 -> 4.1, with issues in SELinux

Actions #3

Updated by François ARMAND over 7 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #4

Updated by François ARMAND over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1570
Actions #5

Updated by François ARMAND over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #6

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from Pending release to Released
  • Priority set to 0

This bug has been fixed in Rudder 4.1.0 which was released today.
