Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-9242

Apply 'Content Security Policy' HTTP header to Hawtio

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • fuse-7.2
    • fuse-7.0
    • Hawtio
    • None
    • % %
    • Fuse 7.2 Sprint 35

      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

      • Content Security Policy
        The server supplies headers that indicate the type of content that a page, and its embedded resources, are likely to supply.

      Instructions for testing (on Karaf, EAP, and Spring Boot):

      • Check the following header is being set in all requests:
      Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self'; frame-src 'self'
      
      • Check the browser console doesn't have any error messages mentioning Content Security Policy.
      • Do a quick smoke test.

        1. hawtio-keycloak.png
          26 kB
          Grzegorz Grzybek
        2. keycloak-error.png
          61 kB
          Lucia Drozdova
        3. keycloak-integration.webm
          4.10 MB
          Lucia Drozdova

            abrianik Alexandre Briani Kieling
            rhn-support-tasato Tadayoshi Sato
            Lucia Drozdova Lucia Drozdova (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: