Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-9242

Apply 'Content Security Policy' HTTP header to Hawtio

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Major Major
    • fuse-7.2
    • fuse-7.0
    • Hawtio
    • 0
    • 0% 0%
    • Todo
    • Fuse 7.2 Sprint 35

      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

      • Content Security Policy
        The server supplies headers that indicate the type of content that a page, and its embedded resources, are likely to supply.

      Instructions for testing (on Karaf, EAP, and Spring Boot):

      • Check the following header is being set in all requests:
      Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self'; frame-src 'self'
      
      • Check the browser console doesn't have any error messages mentioning Content Security Policy.
      • Do a quick smoke test.

        1. hawtio-keycloak.png
          hawtio-keycloak.png
          26 kB
        2. keycloak-error.png
          keycloak-error.png
          61 kB
        3. keycloak-integration.webm
          4.10 MB

              abrianik Alexandre Briani Kieling
              rhn-support-tasato Tadayoshi Sato
              Lucia Drozdova Lucia Drozdova (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: