You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Welcome title available from ContractInfo
* Layer / LayerGroup title and description
* Clean up catalogLinksFragment with accurate layer group counts
* Test catalog links work as expected
* Administration fieldset for catalogLinks and contributedContent
* contributedContent is only shown for global welcome page
* gs-web-demo contributes preview for common formats
* update catalog card styles
* MapFormats
* vector formats
* Adjust catalog link visibility based on feedback
* default data directory: Add Natural Earth metadata and data links
* default data directory: Remove jaiext settings for geoserver 3.0 release
* Add admin layer feedback for disabled and advertised status
* Integrate with navigation change to layer= and group= parameters, breakout out catalog links from home page
* Metadata links
* Data links
* QA and formatting
---------
Co-authored-by: allyoucanmap <stefano.bovio@geosolutionsgroup.com>
<description>Rules to set GeoServer's Content-Security-Policy header</description>
12
+
<enabled>true</enabled>
13
+
<rule>
14
+
<name>static-html-files</name>
15
+
<description>Allow unsafe scripts and remote resources on static HTML pages unless disabled by a property.</description>
16
+
<enabled>true</enabled>
17
+
<filter>PATH(^/www/.*\.html?$) AND PROP(GEOSERVER_DISABLE_STATIC_WEB_FILES,(?i)^(?!true$).*$) AND PROP(GEOSERVER_STATIC_WEB_FILES_SCRIPT,(?i)^(UNSAFE)?$)</filter>
<description>Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.</description>
23
+
<enabled>true</enabled>
24
+
<filter>PATH(^/([^/]+/){0,2}ows/?$) AND PARAM((?i)^service$,(?i)^wms$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^info_format$,(?i)^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
25
+
<directives></directives>
26
+
</rule>
27
+
<rule>
28
+
<name>wms-featureinfo-html</name>
29
+
<description>Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.</description>
30
+
<enabled>true</enabled>
31
+
<filter>PATH(^/([^/]+/){0,2}wms/?$) AND PARAM((?i)^service$,(?i)^(wms)?$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^info_format$,(?i)^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
32
+
<directives></directives>
33
+
</rule>
34
+
<rule>
35
+
<name>wtms-kvp-featureinfo-html</name>
36
+
<description>Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.</description>
37
+
<enabled>true</enabled>
38
+
<filter>PATH(^/([^/]+/){0,2}gwc/service/wmts/?$) AND PARAM((?i)^service$,(?i)^(wmts)?$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^infoformat$,^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
39
+
<directives></directives>
40
+
</rule>
41
+
<rule>
42
+
<name>wtms-rest-featureinfo-html</name>
43
+
<description>Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.</description>
44
+
<enabled>true</enabled>
45
+
<filter>PATH(^/([^/]+/){0,2}gwc/service/wmts/rest(/[^/]*){7,8}$) AND PARAM(^format$,^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
46
+
<directives></directives>
47
+
</rule>
48
+
<rule>
49
+
<name>index-page</name>
50
+
<description>Allow unsafe scripts on the index.html page.</description>
<description>Rules to set GeoServer's Content-Security-Policy header</description>
12
+
<enabled>true</enabled>
13
+
<rule>
14
+
<name>static-html-files</name>
15
+
<description>Allow unsafe scripts and remote resources on static HTML pages unless disabled by a property.</description>
16
+
<enabled>true</enabled>
17
+
<filter>PATH(^/www/.*\.html?$) AND PROP(GEOSERVER_DISABLE_STATIC_WEB_FILES,(?i)^(?!true$).*$) AND PROP(GEOSERVER_STATIC_WEB_FILES_SCRIPT,(?i)^(UNSAFE)?$)</filter>
<description>Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.</description>
23
+
<enabled>true</enabled>
24
+
<filter>PATH(^/([^/]+/){0,2}ows/?$) AND PARAM((?i)^service$,(?i)^wms$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^info_format$,(?i)^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
25
+
<directives></directives>
26
+
</rule>
27
+
<rule>
28
+
<name>wms-featureinfo-html</name>
29
+
<description>Allow unsafe scripts and remote resources on WMS GetFeatureInfo HTML output if enabled by a property.</description>
30
+
<enabled>true</enabled>
31
+
<filter>PATH(^/([^/]+/){0,2}wms/?$) AND PARAM((?i)^service$,(?i)^(wms)?$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^info_format$,(?i)^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
32
+
<directives></directives>
33
+
</rule>
34
+
<rule>
35
+
<name>wtms-kvp-featureinfo-html</name>
36
+
<description>Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.</description>
37
+
<enabled>true</enabled>
38
+
<filter>PATH(^/([^/]+/){0,2}gwc/service/wmts/?$) AND PARAM((?i)^service$,(?i)^(wmts)?$) AND PARAM((?i)^request$,(?i)^getfeatureinfo$) AND PARAM((?i)^infoformat$,^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
39
+
<directives></directives>
40
+
</rule>
41
+
<rule>
42
+
<name>wtms-rest-featureinfo-html</name>
43
+
<description>Allow unsafe scripts and remote resources on WMTS GetFeatureInfo HTML output if enabled by a property.</description>
44
+
<enabled>true</enabled>
45
+
<filter>PATH(^/([^/]+/){0,2}gwc/service/wmts/rest(/[^/]*){7,8}$) AND PARAM(^format$,^text/html$) AND PROP(GEOSERVER_FEATUREINFO_HTML_SCRIPT,(?i)^UNSAFE$)</filter>
46
+
<directives></directives>
47
+
</rule>
48
+
<rule>
49
+
<name>index-page</name>
50
+
<description>Allow unsafe scripts on the index.html page.</description>
0 commit comments