(activemq) branch main updated: AMQ-9739: Removed "upgrade-insecure-requests" from the Web Console's Content-Security-Policy header. (#1472)

[jbonofre]

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/main by this push:
     new 35197b44c5 AMQ-9739: Removed "upgrade-insecure-requests" from the Web 
Console's Content-Security-Policy header. (#1472)
35197b44c5 is described below

commit 35197b44c51c4d93c2e1f6bf548fe8282a4e3586
Author: Sérgio Lemos <lem...@amazon.com>
AuthorDate: Thu Aug 21 08:58:50 2025 -0700

    AMQ-9739: Removed "upgrade-insecure-requests" from the Web Console's 
Content-Security-Policy header. (#1472)
    
    Fixes issues loading assets when serving the Web Console via HTTP.
---
 assembly/src/release/conf/jetty.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/assembly/src/release/conf/jetty.xml 
b/assembly/src/release/conf/jetty.xml
index 75923e6dbe..cb3d281ea3 100644
--- a/assembly/src/release/conf/jetty.xml
+++ b/assembly/src/release/conf/jetty.xml
@@ -82,13 +82,13 @@
                 <bean id="header" 
class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
                     <property name="pattern" value="*"/>
                     <property name="name" value="Content-Security-Policy"/>
-                    <property name="value" value="upgrade-insecure-requests; 
style-src-elem 'self'; style-src 'self'; img-src 'self'; script-src-elem 
'self'; default-src 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 
'none';" />
+                    <property name="value" value="style-src-elem 'self'; 
style-src 'self'; img-src 'self'; script-src-elem 'self'; default-src 'none'; 
object-src 'none'; frame-ancestors 'none'; base-uri 'none';" />
                 </bean>
                 <!-- More relaxed rules to allow browsers to properly render 
XML -->
                 <bean id="header" 
class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
                     <property name="pattern" value="/admin/xml/*"/>
                     <property name="name" value="Content-Security-Policy"/>
-                    <property name="value" value="upgrade-insecure-requests; 
style-src-elem 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' data:; 
script-src-elem 'self'; default-src 'none'; object-src 'none'; frame-ancestors 
'none'; base-uri 'none';" />
+                    <property name="value" value="style-src-elem 'self' 
'unsafe-inline'; style-src 'self'; img-src 'self' data:; script-src-elem 
'self'; default-src 'none'; object-src 'none'; frame-ancestors 'none'; base-uri 
'none';" />
                 </bean>
             </list>
         </property>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@activemq.apache.org
For additional commands, e-mail: commits-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact