This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit a06bc6327ddfa26c97b20c372c9be65f961e58ab Author: Nitin Galave <ni3gal...@apache.org> AuthorDate: Mon Oct 11 17:35:21 2021 +0530 RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI Signed-off-by: pradeep <prad...@apache.org> --- .../ranger/security/web/filter/RangerSecurityContextFormationFilter.java | 1 + 1 file changed, 1 insertion(+) diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index c508579..9f83daf 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -138,6 +138,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { res.setHeader("X-XSS-Protection", "1; mode=block"); res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); res.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'"); + res.setHeader("X-Permitted-Cross-Domain-Policies", "none"); chain.doFilter(request, res); } finally {