A couple more CSP enhancements

labkey-adam · labkey-adam · commit 5ac31a500766 · 2025-06-29T18:55:03.000-07:00
diff --git a/server/embedded/build.gradle b/server/embedded/build.gradle
@@ -161,7 +161,7 @@ project.publishing {
             artifact project.tasks.bootJar.outputs.files.singleFile
             pom {
                 name = "LabKey Server Embedded"
-                description = "LabKey classes for producing distributions with embedded TomCat."
+                description = "Embedded Tomcat, Spring Boot, and the LabKey classes that configure these components"
                 developers PomFileHelper.getLabKeyTeamDevelopers()
                 licenses PomFileHelper.getApacheLicense()
                 organization PomFileHelper.getLabKeyOrganization()
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -45,7 +45,7 @@ public static void main(String[] args)
             return;
         }
 
-        // Issue 40038: Ride-or-die Mode - default to shutting down by default in embedded deployment scenario
+        // Issue 40038: Ride-or-die Mode - default to shutting down by default
         if (System.getProperty(TERMINATE_ON_STARTUP_FAILURE) == null)
         {
             System.setProperty(TERMINATE_ON_STARTUP_FAILURE, "true");
@@ -70,7 +70,7 @@ public static void main(String[] args)
         String baseCsp = """
                 default-src 'self' ;
                 connect-src 'self' ${CONNECTION.SOURCES} ;
-                object-src 'none' ;
+                object-src ${OBJECT.SOURCES} ;  /* Substitution value defaults to 'none' unless overridden by an admin */
                 style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ;
                 img-src 'self' data: ${IMAGE.SOURCES} ;
                 font-src 'self' data: ${FONT.SOURCES} ;
@@ -862,5 +862,4 @@ public void setKeyStore(String keyStore)
             this.keyStore = keyStore;
         }
     }
-
 }
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
@@ -275,7 +275,7 @@ private void addContextProperty(StandardContext context, String value, String na
         }
     }
 
-    // Issue 48565: allow for JSON-formatted access logs in embedded tomcat
+    // Issue 48565: allow for JSON-formatted access logs
     private void configureJsonAccessLogging(Tomcat tomcat, LabKeyServer.JsonAccessLog logConfig)
     {
         var v = new JsonAccessLogValve();

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ public static void main(String[] args)`
`45`	`45`	`return;`
`46`	`46`	`}`
`47`	`47`
`48`		`- // Issue 40038: Ride-or-die Mode - default to shutting down by default in embedded deployment scenario`
	`48`	`+ // Issue 40038: Ride-or-die Mode - default to shutting down by default`
`49`	`49`	`if (System.getProperty(TERMINATE_ON_STARTUP_FAILURE) == null)`
`50`	`50`	`{`
`51`	`51`	`System.setProperty(TERMINATE_ON_STARTUP_FAILURE, "true");`
`@@ -70,7 +70,7 @@ public static void main(String[] args)`
`70`	`70`	`String baseCsp = """`
`71`	`71`	`default-src 'self' ;`
`72`	`72`	`connect-src 'self' ${CONNECTION.SOURCES} ;`
`73`		`- object-src 'none' ;`
	`73`	`+ object-src ${OBJECT.SOURCES} ; /* Substitution value defaults to 'none' unless overridden by an admin */`
`74`	`74`	`style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ;`
`75`	`75`	`img-src 'self' data: ${IMAGE.SOURCES} ;`
`76`	`76`	`font-src 'self' data: ${FONT.SOURCES} ;`
`@@ -862,5 +862,4 @@ public void setKeyStore(String keyStore)`
`862`	`862`	`this.keyStore = keyStore;`
`863`	`863`	`}`
`864`	`864`	`}`
`865`		`-`
`866`	`865`	`}`
Original file line number	Diff line number	Diff line change
`@@ -275,7 +275,7 @@ private void addContextProperty(StandardContext context, String value, String na`
`275`	`275`	`}`
`276`	`276`	`}`
`277`	`277`
`278`		`- // Issue 48565: allow for JSON-formatted access logs in embedded tomcat`
	`278`	`+ // Issue 48565: allow for JSON-formatted access logs`
`279`	`279`	`private void configureJsonAccessLogging(Tomcat tomcat, LabKeyServer.JsonAccessLog logConfig)`
`280`	`280`	`{`
`281`	`281`	`var v = new JsonAccessLogValve();`