activemq-commits mailing list archives

From jbono...@apache.org
Subject [activemq] branch activemq-5.15.x updated: AMQ-7434 - Enable Jolokia CORS strict-checking by default
Date Tue, 03 Mar 2020 14:49:25 GMT
This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.15.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.15.x by this push:
     new d42bf43  AMQ-7434 - Enable Jolokia CORS strict-checking by default
d42bf43 is described below

commit d42bf43362cc4ae16b6bebe38b76e4f43a2052e3
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Tue Mar 3 14:22:04 2020 +0000

    AMQ-7434 - Enable Jolokia CORS strict-checking by default
    
    (cherry picked from commit f221072375f87c14b90b604545d6981d8df5b667)
---
 .../src/release/webapps/api/WEB-INF/classes/jolokia-access.xml     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
index 09f29a4..8cad1cd 100644
--- a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
+++ b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
@@ -17,6 +17,11 @@
 -->
 <restrict>
 
+  <!-- Enforce that an Origin/Referer header is present to prevent CSRF -->
+  <cors>
+    <strict-checking/>
+  </cors>
+
   <!-- deny calling operations or getting attributes from these mbeans -->
   <deny>
     <mbean>
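Review bot: the new `<cors>` block contains only `<strict-checking/>` and no `<allow-origin>` entries, so the file never states which origins are accepted once the header is present. The comment above it only says an Origin/Referer header must be present. Consider either adding an explicit `<allow-origin>` for the origin the web console is served from, or extending the comment to spell out the effective policy when no origin list is configured. Because the comment implies that requests without an Origin/Referer header are now refused, it would also help to note (here or in the release notes for the 5.15.x branch) that scripts and monitoring clients calling the Jolokia API without those headers will need to send one after upgrading.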
@@ -31,4 +36,4 @@
     </mbean>
   </deny>
 
-</restrict>
\ No newline at end of file
+</restrict>

