Bug #10260: Lift security policy violated - Rudder - Issue Tracker

Actions

Copy link

Bug #10260

closed

Architecture #10127: Switch to Scala 2.12 / Lift 3.0

Lift security policy violated

Added by François ARMAND over 7 years ago. Updated over 7 years ago.

Status:

Released

Priority:

Assignee:

Vincent MEMBRÉ

Category:

Architecture - Internal libs

Target version:

4.1.0

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

In 4.1, I sometime see that in log (on my dev environement):

       | 'http://localhost:8082/rudder-web/secure/administration/policyServerManagement' from referrer 'http://localhost:8082/rudder-web/secure/administration/apiManagement':
       | 'data' was blocked because it violated the
       | directive 'img-src *'. The policy that specified
       | this directive is: 'default-src http://localhost:8082; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8082; style-src 'unsafe-inline' *; report-uri http://localhost:8082/rudder-web/lift/content-security-policy-report'.

It is likelly that it will break things so it need to be corrected, most likely by adding new security exception in Lift Boot configuration.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #10260

Lift security policy violated

Updated by Vincent MEMBRÉ over 7 years ago

Updated by Nicolas CHARLES over 7 years ago

Updated by François ARMAND over 7 years ago

Updated by François ARMAND over 7 years ago

Updated by François ARMAND over 7 years ago

Updated by Benoît PECCATTE over 7 years ago