Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7558

Admin Web returns redundant security headers

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.0.0, EJBCA 6.15.2
    • Component/s: None
    • Labels:
      None
    • Sprint:
      EJBCA Team Alice - 2018 w48

      Description

      When the admin web error page is displayed,

      Content-Security-Policy and X-Content-Security-Policy

      are appended twice (with and without capital characters). The headers are set in the ContentSecurityFilter and in the error page.

      Causing the following failure:

      https://hudson.primekey.se/view/EJBCA%206.15.x/job/EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP62_OPENJDK7/lastCompletedBuild/testReport/org.ejbca.ui.web.pub/HttpMethodsTest/testAdminWebXFrameOptionsOnError/

        Attachments

          Activity

            People

            Assignee:
            hsunmark Henrik Sunmark
            Reporter:
            hsunmark Henrik Sunmark
            Verified by:
            Bastian Fredriksson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 4 hours
                4h
                Remaining:
                Time Spent - 2 hours, 40 minutes Remaining Estimate - 1 hour, 20 minutes
                1h 20m
                Logged:
                Time Spent - 2 hours, 40 minutes Remaining Estimate - 1 hour, 20 minutes
                2h 40m