Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fonts extensions now allowed by default #22855

Closed
1 task done
yelhouti opened this issue Jul 13, 2023 · 3 comments
Closed
1 task done

Fonts extensions now allowed by default #22855

yelhouti opened this issue Jul 13, 2023 · 3 comments
Labels
area: enhancement 🔧 $$ bug-bounty $$ https://www.jhipster.tech/bug-bounties/ theme: java theme: security $100 https://www.jhipster.tech/bug-bounties/
Milestone
8.0.0-beta.3

Comments

@yelhouti
Copy link
Contributor

The new Security Config block everything by default which is great.
However, some extensions are still missing.

I think there should be a better way for allowing static resources, by securing only requests that go to the controller and redirect anything with an extension that is not /api and /management to fetch a resource.

  • Checking this box is mandatory (this is just to show you read everything)
@yelhouti
Copy link
Contributor Author

@mraible

@mraible
Copy link
Contributor

mraible commented Jul 13, 2023

I like how it is now because you have to be intentional about adding new extensions. I don't think changing one line is too difficult:

https://github.com/jhipster/generator-jhipster/blob/main/generators/server/templates/src/main/java/package/config/SecurityConfiguration_imperative.java.ejs#L171

FWIW, I'll be going on vacation tomorrow for a month. I'd be happy to review something when I get back.

@deepu105 deepu105 added area: enhancement 🔧 $100 https://www.jhipster.tech/bug-bounties/ theme: java $$ bug-bounty $$ https://www.jhipster.tech/bug-bounties/ theme: security and removed area: triage theme: undefined labels Aug 11, 2023
@dinu0000 dinu0000 mentioned this issue Aug 11, 2023
Closed
6 tasks
@dinu0000
Copy link
Contributor

@mraible could you please take a look

@deepu105 deepu105 added this to the 8.0.0-beta.3 milestone Sep 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: enhancement 🔧 $$ bug-bounty $$ https://www.jhipster.tech/bug-bounties/ theme: java theme: security $100 https://www.jhipster.tech/bug-bounties/
Projects
None yet
Milestone
8.0.0-beta.3
Development

Successfully merging a pull request may close this issue.

Added common web fonts to security configs dinu0000/generator-jhipster
5 participants
@mraible @deepu105 @DanielFran @yelhouti @dinu0000