Cockpit 221

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 221.

Support for Cross-Origin-Resource-Policy

Cockpit’s web server now sets the Cross-Origin-Resource-Policy header to same-origin. Web browsers use this header to prevent other web sites from loading individual HTML, JavaScript, or image resources from Cockpit via <img>, <script>, or similar tags. This is mostly a precaution – currently there are no known vulnerabilities with including resources that way, but as this is not a legitimate use case, there is no reason to allow it.

Accounts: Hide some buttons when access is limited

Instead of disabling the appropriate buttons when the logged in user doesn’t have administrative access, they will now simply disappear. This is a general theme that we want to roll out all over Cockpit. The Overview, Storage, and Network pages have already been changed like this in earlier releases.

Developers: Importing “base1/patternfly.css” is deprecated

This pre-compiled stylesheet will be dropped in the future in favor of projects shipping their own CSS. This API is not maintainable, as Cockpit cannot offer a PatternFly 3 API forever, and PatternFly 4 also changes quickly enough that one style sheet for all projects is not robust enough.

The Cockpit plugins that are using only PatternFly 4 should follow the example from starter-kit on how to import PatternFly 4 stylesheets. g The Cockpit plugins which are still relying on PatternFly 3 should follow the migration from the deprecated API to the new PatternFly stylesheet import approach as implemented in this cockpit-podman commit.

Try it out

Cockpit 221 is available now: