From 5ac31a500766730086230346f5fb476f9c854921 Mon Sep 17 00:00:00 2001
From: Adam Rauch
Date: Sun, 29 Jun 2025 18:55:03 -0700
Subject: [PATCH 1/2] A couple more CSP enhancements
---
 server/embedded/build.gradle | 2 +-
 server/embedded/src/org/labkey/embedded/LabKeyServer.java | 5 ++---
 .../labkey/embedded/LabKeyTomcatServletWebServerFactory.java | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/server/embedded/build.gradle b/server/embedded/build.gradle
index 90ea0bb022..588653ff18 100644
--- a/server/embedded/build.gradle
+++ b/server/embedded/build.gradle
@@ -161,7 +161,7 @@ project.publishing {
 artifact project.tasks.bootJar.outputs.files.singleFile
 pom {
 name = "LabKey Server Embedded"
- description = "LabKey classes for producing distributions with embedded TomCat."
+ description = "Embedded Tomcat, Spring Boot, and the LabKey classes that configure these components"
 developers PomFileHelper.getLabKeyTeamDevelopers()
 licenses PomFileHelper.getApacheLicense()
 organization PomFileHelper.getLabKeyOrganization()
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index bb7370e99f..f0a0024e21 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -45,7 +45,7 @@ public static void main(String[] args)
 return;
 }
- // Issue 40038: Ride-or-die Mode - default to shutting down by default in embedded deployment scenario
+ // Issue 40038: Ride-or-die Mode - default to shutting down by default
 if (System.getProperty(TERMINATE_ON_STARTUP_FAILURE) == null)
 {
 System.setProperty(TERMINATE_ON_STARTUP_FAILURE, "true");
@@ -70,7 +70,7 @@ public static void main(String[] args)
 String baseCsp = """
 default-src 'self' ;
 connect-src 'self' ${CONNECTION.SOURCES} ;
- object-src 'none' ;
+ object-src ${OBJECT.SOURCES} ; /* Substitution value defaults to 'none' unless overridden by an admin */
 style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ;
 img-src 'self' data: ${IMAGE.SOURCES} ;
 font-src 'self' data: ${FONT.SOURCES} ;
@@ -862,5 +862,4 @@ public void setKeyStore(String keyStore)
 this.keyStore = keyStore;
 }
 }
-
 }
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
index 112cca31f7..40ad299e3b 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java
@@ -275,7 +275,7 @@ private void addContextProperty(StandardContext context, String value, String na
 }
 }
- // Issue 48565: allow for JSON-formatted access logs in embedded tomcat
+ // Issue 48565: allow for JSON-formatted access logs
 private void configureJsonAccessLogging(Tomcat tomcat, LabKeyServer.JsonAccessLog logConfig)
 {
 var v = new JsonAccessLogValve();
From e26d7b158478de870ddd66d12dd95f4e95649923 Mon Sep 17 00:00:00 2001
From: Adam Rauch
Date: Tue, 1 Jul 2025 15:15:37 -0700
Subject: [PATCH 2/2] Comment dropped in merge from 25.3
---
 server/configs/application.properties | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server/configs/application.properties b/server/configs/application.properties
index 654295dae7..fdf7676483 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
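Review bot: The `/* Substitution value defaults to 'none' unless overridden by an admin */` text added after `object-src ${OBJECT.SOURCES} ;` sits inside the `baseCsp` text block, so it is part of the policy string, and CSP itself has no comment syntax. Unless the code that expands `baseCsp` strips `/* ... */` before the header is written (not visible in this hunk), the comment and the following `style-src` line up to its `;` would be parsed as one unknown directive, and `style-src` would silently fall back to `default-src 'self'`. I would move the explanation to a Java comment above the text block, e.g. `// ${OBJECT.SOURCES} resolves to 'none' unless an admin overrides it`, or add a test asserting that the emitted header contains no `/*`. Separately, the `'none'` default now lives wherever `${OBJECT.SOURCES}` is resolved, so it is worth confirming there that an unset or blank value still yields `object-src 'none'`. `main` starts and ends outside the hunk.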
@@ -46,6 +46,7 @@ context.encryptionKey=@@encryptionKey@@ ## By default, we serve LabKey at the root context path (e.g. http://localhost:8080) ## You may customize the context path if you wish (e.g. http://localhost:8080/labkey) +## The context path value must start with a slash #context.contextPath=@@contextPath@@ ## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to