[WFCORE-7362] Add CSP header to management endpoints #6521
Conversation
|
Im not sure if this should be done for Common#sendError and DomainUtil as well ? |
|
Core -> Full Integration Build 14916 outcome was FAILURE using a merge of 780d0f7 |
|
Core -> Full Integration Build 14605 outcome was FAILURE using a merge of 780d0f7 |
|
Core -> WildFly Preview Integration Build 14719 outcome was FAILURE using a merge of 780d0f7 |
|
|
||
| public static final String DEFAULT_CSP_HEADER = "default-src 'self';"; | ||
| private final HttpHandler next; | ||
| private String headerContent = DEFAULT_CSP_HEADER; |
There was a problem hiding this comment.
This field and the 2 arg constructor should be dropped and we just use the constant.
If we ever have a situation where we actually need to make this configurable we can add the logic for it then.
This class's maven module is not meant for use outside of the server kernel so we should optimize it for that use.
baranowb
force-pushed
the
WFCORE-7362
branch
from
780d0f7 to
130aed2
Compare
|
Core -> Full Integration Build 14917 outcome was FAILURE using a merge of 130aed2 |
|
Core -> WildFly Preview Integration Build 14720 outcome was FAILURE using a merge of 130aed2 |
|
Core -> Full Integration Build 14606 outcome was FAILURE using a merge of 130aed2 |
|
Jobs fail in weird way: |
|
@baranowb The 29.x branch has already been released, and we do not plan to release again from here. Please, could you close this PR and open it again against |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
4 participants
Issue: https://issues.redhat.com/browse/WFCORE-7362