[GitHub] spark pull request #19419: [SPARK-22188] [CORE] Adding security headers for ...

jerryshao Sun, 08 Oct 2017 19:31:11 -0700

Github user jerryshao commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19419#discussion_r143377976
  
    --- Diff: core/src/main/scala/org/apache/spark/ui/JettyUtils.scala ---
    @@ -89,6 +92,9 @@ private[spark] object JettyUtils extends Logging {
                 val result = servletParams.responder(request)
                 response.setHeader("Cache-Control", "no-cache, no-store, 
must-revalidate")
                 response.setHeader("X-Frame-Options", xFrameOptionsValue)
    +            
xXssProtectionValue.foreach(response.setHeader("X-XSS-Protection", _))
    +            
xContentTypeOptionsValue.foreach(response.setHeader("X-Content-Type-Options", 
_))
    +            
strictTransportSecurityValue.foreach(response.setHeader("Strict-Transport-Security",
 _))
    --- End diff --
    
    The changes here will also affect HTTP request, is that OK?
    
    Also is it enough to only change the GET request?



---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org

[GitHub] spark pull request #19419: [SPARK-22188] [CORE] Adding security headers for ...

Reply via email to