[ClusterLabs] Missing or Permissive Content-Security-Policy frameancestors HTTP Response Header in pcsd

Tomas Jelinek tojeline at redhat.com
Fri May 22 06:39:03 EDT 2020


Hi,

We added sending the Content-Security-Policy in commits:
https://github.com/ClusterLabs/pcs/commit/d76924fda6574cdcdac4fc75f433dd58ae48cb2e
and
https://github.com/ClusterLabs/pcs/commit/76aa72a67d2f89c3f725a6e9187631c270e5bb0c

Regards,
Tomas


On 19. 05. 20 at 10:06 Tomas Jelinek wrote:
> Hi,
> 
> Even if you disable the pcsd GUI, the daemon is still running and 
> listening on port 2224. It is needed for pcs to be able to communicate 
> with and manage cluster nodes. The fact the page is accessible is expected.
> 
> What pcs version are you running?
> 
> 
> Regards,
> Tomas
> 
> 
> On 18. 05. 20 at 9:25 S Sathish S wrote:
>> Hi Team,
>>
>> We are getting the below vulnerability alert while using pcs. We are not 
>> using the pcs Web UI interface; can we know the mitigation plan for this?
>>
>> Plugin ID             :  50344
>>
>> Plugin Name      : Missing or Permissive Content-Security-Policy 
>> frameancestors HTTP Response Header
>>
>> Port                     : TCP 2224
>>
>> We have tried disabling the Web UI interface and restarting the pcsd service. 
>> The page is still accessible and the login page displays “PCSD GUI is disabled”
>>
>> *Configuration File* :
>>
>> # cat /etc/sysconfig/pcsd  | grep -i GUI
>>
>> # Set DISABLE_GUI to true to disable GUI frontend in pcsd
>>
>> PCSD_DISABLE_GUI=true
>>
>> *Web UI Details* :
>>
>> https://<IP Address>:2224/login
>>
>> Prints “PCSD GUI is disabled”
>>
>> Can you suggest the way forward for the same?
>>
>> Thanks and Regards,
>>
>> S Sathish S
>>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
> 
> 
> 
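
To check whether the header returned on port 2224 would still be reported as missing or permissive once a pcs build containing those commits is deployed, the header value can be classified as below. This is an added example, not part of the original thread or of pcs; the rules for what counts as "permissive" are assumptions rather than the scanner's documented logic, and the sample header values are constructed.

```python
# Added example: classify the frame-ancestors directive of a CSP header value.
# The "permissive" rules are assumptions, not the scanner's documented logic.

def frame_ancestors_sources(policy):
    """Return one policy's frame-ancestors source list, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # first occurrence wins
    return None  # frame-ancestors has no fallback to default-src


def is_permissive(source):
    """Assumed rule: wildcards and bare schemes admit arbitrary framing sites."""
    if source in ("'none'", "'self'"):
        return False
    if source == "*" or source.endswith(":"):  # "*", "https:"
        return True
    return source.split("://", 1)[-1].startswith("*")  # "*.example.com"


def classify(header_value):
    """Return 'missing', 'permissive' or 'restrictive' for a CSP header value."""
    if header_value is None:  # header not sent at all
        return "missing"
    verdicts = []
    # One header may carry several comma-separated policies; all are enforced.
    for policy in header_value.split(","):
        sources = frame_ancestors_sources(policy)
        if sources is not None:
            loose = any(is_permissive(s) for s in sources)
            verdicts.append("permissive" if loose else "restrictive")
    if not verdicts:
        return "missing"
    # Every policy must allow the embedding, so one restrictive policy suffices.
    return "restrictive" if "restrictive" in verdicts else "permissive"


if __name__ == "__main__":
    # Constructed sample values, not captured from a real pcsd instance.
    for value in (None, "default-src 'self'", "frame-ancestors *",
                  "frame-ancestors 'self'; default-src 'self'"):
        print(repr(value), "->", classify(value))
```

A policy that sets only `default-src` is classified as missing because `frame-ancestors` does not inherit from it.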
