[ClusterLabs] Missing or Permissive Content-Security-Policy frameancestors HTTP Response Header in pcsd
Tomas Jelinek
tojeline at redhat.com
Fri May 22 06:39:03 EDT 2020
Hi,
We added sending the Content-Security-Policy in commits:
https://github.com/ClusterLabs/pcs/commit/d76924fda6574cdcdac4fc75f433dd58ae48cb2e
and
https://github.com/ClusterLabs/pcs/commit/76aa72a67d2f89c3f725a6e9187631c270e5bb0c
Regards,
Tomas
On 19. 05. 20 at 10:06 Tomas Jelinek wrote:
> Hi,
>
> Even if you disable the pcsd GUI, the daemon is still running and
> listening on port 2224. It is needed for pcs to be able to communicate
> with and manage cluster nodes. The fact the page is accessible is expected.
>
> What pcs version are you running?
>
>
> Regards,
> Tomas
>
>
> On 18. 05. 20 at 9:25 S Sathish S wrote:
>> Hi Team,
>>
>> We are getting the below vulnerability alert while using pcs. We are not
>> using the pcs Web UI interface; can we know the mitigation plan for this?
>>
>> Plugin ID : 50344
>>
>> Plugin Name : Missing or Permissive Content-Security-Policy
>> frameancestors HTTP Response Header
>>
>> Port : TCP 2224
>>
>> We have tried disabling the Web UI interface and restarting the pcsd service.
>> The page is still accessible and the login page displays “PCSD GUI is disabled”.
>>
>> *Configuration File* :
>>
>> # cat /etc/sysconfig/pcsd | grep -i GUI
>>
>> # Set DISABLE_GUI to true to disable GUI frontend in pcsd
>>
>> PCSD_DISABLE_GUI=true
>>
>> *Web UI Details* :
>>
>> https://<IP Address>:2224/login
>>
>> Prints “PCSD GUI is disabled”
>>
>> Can you suggest the way forward for the same?
>>
>> Thanks and Regards,
>>
>> S Sathish S
>>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
>
>
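The check behind the finding discussed in this thread, as an added example that is not part of the original messages or of pcs: it classifies the Content-Security-Policy values of a response as missing, permissive or restrictive with respect to `frame-ancestors`. The function names, the definition of "permissive" and the sample header values are assumptions constructed for illustration.

```python
# Added example. What counts as "permissive" is an assumption of this sketch,
# not the scanner's exact rule: sources that match any origin.
PERMISSIVE_SOURCES = {"*", "http:", "https:"}


def parse_policy(policy):
    """Parse one serialized CSP policy into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; CSP keeps the first
            # occurrence of a directive and ignores later repeats.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def classify_frame_ancestors(header_values):
    """Return 'missing', 'permissive' or 'restrictive'.

    header_values: the Content-Security-Policy header values of one response.
    Every policy is enforced, so one restrictive frame-ancestors is enough.
    """
    verdict = "missing"
    for value in header_values:
        for policy in value.split(","):  # one header may carry several policies
            directives = parse_policy(policy)
            # frame-ancestors never falls back to default-src.
            if "frame-ancestors" not in directives:
                continue
            sources = [s.lower() for s in directives["frame-ancestors"]]
            if any(s in PERMISSIVE_SOURCES for s in sources):
                verdict = "permissive"
            else:
                return "restrictive"  # 'none', 'self', explicit hosts, or empty
    return verdict


# Constructed header values, not captured from pcsd.
SAMPLES = [
    [],
    ["default-src 'self'"],
    ["frame-ancestors *"],
    ["default-src 'self'; frame-ancestors 'self'"],
    ["frame-ancestors https:", "Frame-Ancestors 'none'"],
]

if __name__ == "__main__":
    for headers in SAMPLES:
        print(classify_frame_ancestors(headers), headers)
```

Feeding it the Content-Security-Policy values returned by the daemon on port 2224 shows whether the finding is resolved after updating pcs.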