[ https://issues.apache.org/jira/browse/HADOOP-15457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Kanter updated HADOOP-15457:
-----------------------------------
    Summary: Add Security-Related HTTP Response Header in WEBUIs.  (was: Add Security-Related HTTP Response Header in Yarn WEBUIs.)

> Add Security-Related HTTP Response Header in WEBUIs.
> ----------------------------------------------------
>
>                 Key: HADOOP-15457
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15457
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kanwaljeet Sachdev
>            Assignee: Kanwaljeet Sachdev
>            Priority: Major
>              Labels: security
>         Attachments: HADOOP-15457.001.patch, HADOOP-15457.002.patch,
> YARN-8198.001.patch, YARN-8198.002.patch, YARN-8198.003.patch,
> YARN-8198.004.patch, YARN-8198.005.patch
>
>
> As of today, YARN web-ui lacks certain security-related HTTP response
> headers. We are planning to add a few default ones and also add support for
> headers to be able to get added via XML config. Planning to make the below
> two as default.
>  * X-XSS-Protection: 1; mode=block
>  * X-Content-Type-Options: nosniff
>
> Support for headers via config properties in core-site.xml will be along the
> below lines
> {code:java}
> <property>
>   <name>hadoop.http.header.Strict_Transport_Security</name>
>   <value>valHSTSFromXML</value>
> </property>{code}
>
> A regex matcher will lift these properties and add them into the response
> header when Jetty prepares the response.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
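
The lifting step described in the issue can be checked offline against a core-site.xml before deployment. The following is an added example, not code from the Hadoop patches: `lift_headers`, the suffix character set, the verbatim use of the property suffix as the header name, and configured values replacing the defaults are all assumptions, and the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Property prefix from the issue; the allowed suffix characters are an assumption.
HEADER_PROP = re.compile(r"^hadoop\.http\.header\.([A-Za-z_-]+)$")

# The two defaults the issue proposes.
DEFAULTS = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}

# Constructed sample core-site.xml (values are illustrative only).
SAMPLE = """<configuration>
  <property>
    <name>hadoop.http.header.Strict_Transport_Security</name>
    <value>max-age=31536000</value>
  </property>
  <property>
    <name>hadoop.http.header.X-XSS-Protection</name>
    <value>0&#10;X-Extra: 1</value>
  </property>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://nn.example:8020</value>
  </property>
</configuration>"""

def lift_headers(xml_text):
    """Return (headers, warnings) that this config would yield (hypothetical helper)."""
    headers, warnings = dict(DEFAULTS), []
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = prop.findtext("value") or ""
        m = HEADER_PROP.match(name)
        if not m:
            continue  # not a header property, e.g. fs.defaultFS
        header = m.group(1)  # assumption: suffix is used verbatim as the header name
        if "\r" in value or "\n" in value:
            # A line break in a header value would split the response header block.
            warnings.append(f"{header}: value contains CR/LF, skipped")
            continue
        if "_" in header:
            warnings.append(f"{header}: underscore in name, standard headers use hyphens")
        headers[header] = value.strip()  # assumption: config replaces a default
    return headers, warnings

if __name__ == "__main__":
    hdrs, warns = lift_headers(SAMPLE)
    for k, v in hdrs.items():
        print(f"{k}: {v}")
    for w in warns:
        print("WARN", w)
```
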