Plugin run on the remote host doesn't load due to CSP #3225

Open
mmelko opened this issue Feb 6, 2024 · 0 comments
mmelko commented Feb 6, 2024

Because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

How to reproduce:

  1. Run the springboot-plugin example on a different host to host the sample plugin.
  2. Modify SampleSpringBootService in the springboot-plugin example on your host to include the URL of the remote plugin, e.g.:

     ```java
     HawtioPlugin plugin = new HawtioPlugin(
             "samplePlugin",
             "./plugin",
             "http://192.168.1.169:10001");
     ```
  3. Try to load the plugin by accessing `http://localhost:10001/actuator/hawtio/sample-plugin` and see the exceptions.

`Because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.`

To fix this, the host of the plugin has to be added to the `connect-src`, `script-src` and `style-src` parts of the CSP.
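
Added example, not part of the original issue and not Hawtio code: a simplified JavaScript model of the directive fallback and source matching that the error message describes, showing why the remote plugin is blocked and what the header looks like once the plugin origin is added to the three directives. The `default-src 'self'` part of the sample header and the `/plugin.js` path are constructed; matching covers only `*`, `'self'` and exact origins, not the full CSP algorithm.

```javascript
// Fallback chains: a missing directive falls back to the next one in the list.
const FALLBACK = {
  'script-src-elem': ['script-src-elem', 'script-src', 'default-src'],
  'style-src-elem': ['style-src-elem', 'style-src', 'default-src'],
  'connect-src': ['connect-src', 'default-src'],
};

// Parse "name v1 v2; name2 v3" into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Simplified source matching: '*', 'self' and exact-origin sources only.
function isAllowed(policy, kind, url, pageOrigin) {
  const directive = FALLBACK[kind].find((d) => policy.has(d)) ?? null;
  if (directive === null) return true; // nothing governs this kind of load
  const origin = new URL(url).origin;
  return policy.get(directive).some((src) =>
    src === '*' || (src === "'self'" && origin === pageOrigin) || src === origin);
}

// Append the plugin origin to the three directives named in the issue.
function allowPluginOrigin(header, pluginOrigin) {
  const policy = parseCsp(header);
  for (const d of ['connect-src', 'script-src', 'style-src']) {
    // Start a missing directive from default-src so it is never looser than before.
    const base = policy.get(d) ?? policy.get('default-src');
    if (base) policy.set(d, [...new Set([...base, pluginOrigin])]);
  }
  return [...policy].map(([name, srcs]) => [name, ...srcs].join(' ')).join('; ');
}

function demo() {
  const pageOrigin = 'http://localhost:10001';       // host application (from the issue)
  const pluginOrigin = 'http://192.168.1.169:10001'; // remote plugin host (from the issue)
  const url = pluginOrigin + '/plugin.js';           // constructed resource path
  // Constructed header: script-src is from the issue, default-src is assumed.
  const before = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
  const after = allowPluginOrigin(before, pluginOrigin);
  const check = (h) => Object.fromEntries(Object.keys(FALLBACK).map(
    (k) => [k, isAllowed(parseCsp(h), k, url, pageOrigin)]));
  return { after, before: check(before), fixed: check(after) };
}
```

Only the plugin's exact origin is appended, so the amended policy stays as narrow as the original for every other host.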