...
- Check your JobScheduler release to identify the Jetty version used:
- Releases since 1.12.7 make use of Jetty 9.4.x due to vulnerability issues in previous Jetty releases (see JOC-521).
- Should you operate a JobScheduler release earlier than release 1.12.7 then please get in contact, as this suggests updating to a later 1.12 LTS release or to a newer JobScheduler branch. Do not use the instructions below, as they do not apply to earlier Jetty releases, and the Jetty vulnerability issues should concern you more than the use of security-related headers.
- Open the file $JETTY_BASE/start.ini
  - Find the file start.ini, for Linux e.g. from /home/[user]/sos-berlin.com/joc, for Windows e.g. from C:\ProgramData\sos-berlin.com\joc
- Add to this file the line (changes to start.ini):

```text
--module=rewrite
```
- Open the file $JETTY_HOME/etc/jetty-rewrite.xml
  - Find a full sample of this file: jetty-rewrite.xml
  - Find the file jetty-rewrite.xml, for Linux e.g. from /opt/sos-berlin.com/joc/jetty/etc, for Windows e.g. from C:\Program Files\sos-berlin.com\joc\jetty\etc
- Add to this file the lines (changes to jetty-rewrite.xml):

```xml
<!-- see rewrite-compactpath.xml for example how to add a rule -->
<!-- Add security related headers for use with JOC Cockpit -->
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">X-XSS-Protection</Set>
      <Set name="value">1; mode=block</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">X-Content-Type-Options</Set>
      <Set name="value">nosniff</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">Content-Security-Policy</Set>
      <Set name="value">script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">X-Frame-Options</Set>
      <Set name="value">sameorigin</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">Strict-Transport-Security</Set>
      <Set name="value">max-age=31536000;includeSubDomains</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">Permissions-Policy</Set>
      <!-- the feature list is comma-separated throughout -->
      <Set name="value">accelerometer=(none), ambient-light-sensor=(none), animations=(none), autoplay=(none), camera=(none), cookie=(none), document-stream-insertion=(none), domain=(none), encrypted-media=(none), fullscreen=(none), geolocation=(none), gyroscope=(none), image-compression=(none), legacy-image-formats=(none), magnetometer=(none), max-downscaling-image=(none), microphone=(none), midi=(none), payment=(none), picture-in-picture=(none), speaker=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none), usb=(none), vertical-scroll=(none), vr=(none)</Set>
    </New>
  </Arg>
</Call>
<Call name="addRule">
  <Arg>
    <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
      <Set name="pattern">*</Set>
      <Set name="name">Referrer-Policy</Set>
      <Set name="value">strict-origin-when-cross-origin</Set>
    </New>
  </Arg>
</Call>
```
- In the jetty-rewrite.xml file, insert the above XML elements within the element hierarchy like this:

```xml
<Call name="insertHandler">
  <Arg>
    <New class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
      <Call name="addRule">
        ...
      </Call>
    </New>
  </Arg>
</Call>
```
- Restart JOC Cockpit.
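To confirm after the restart that the rewrite rules took effect, the following checker compares a JOC Cockpit response's headers with the values configured above. It is an added example, not part of the SOS documentation; the URL is a placeholder, and check_security_headers and fetch_headers are names chosen for this example.

```python
"""Check that JOC Cockpit responses carry the headers set in jetty-rewrite.xml.
Added example (not SOS code); the JOC Cockpit URL in main() is a placeholder."""
import urllib.request

# Values exactly as configured by the HeaderPatternRule entries in jetty-rewrite.xml.
EXPECTED_HEADERS = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
                               "style-src 'self' 'unsafe-inline'; frame-ancestors 'self'",
    "X-Frame-Options": "sameorigin",
    "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


def check_security_headers(headers):
    """Compare response headers (names matched case-insensitively) against
    EXPECTED_HEADERS. Returns {header: ("missing", None) | ("mismatch", actual)};
    an empty dict means every configured header arrived as expected."""
    lower = {name.lower(): value.strip() for name, value in headers.items()}
    findings = {}
    for name, expected in EXPECTED_HEADERS.items():
        actual = lower.get(name.lower())
        if actual is None:
            findings[name] = ("missing", None)
        elif actual != expected:
            findings[name] = ("mismatch", actual)
    # Permissions-Policy carries a long feature list; presence is checked only.
    if "permissions-policy" not in lower:
        findings["Permissions-Policy"] = ("missing", None)
    return findings


def fetch_headers(url):
    """Request the JOC Cockpit login page and return its response headers as a dict."""
    with urllib.request.urlopen(urllib.request.Request(url), timeout=10) as resp:
        return dict(resp.getheaders())


if __name__ == "__main__":
    # Placeholder: replace with the address of your JOC Cockpit instance.
    problems = check_security_headers(fetch_headers("https://joc.example:4446/joc/"))
    for name, (kind, actual) in problems.items():
        print(f"{kind}: {name}" + (f" (got {actual!r})" if actual else ""))
    if not problems:
        print("all configured security headers present")
```

Run the check against the HTTPS listener: browsers ignore Strict-Transport-Security on plain HTTP responses, so the header only becomes effective once JOC Cockpit is served over HTTPS.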
...