[ 
https://issues.apache.org/jira/browse/ATLAS-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paresh Devalia updated ATLAS-5019:
----------------------------------
    Description: 
Currently, Apache Atlas does not include essential HTTP security headers in the 
login.jsp page. This can expose the application to common web vulnerabilities.
 * {{X-Frame-Options}}, {{X-Content-Type-Options}}, {{X-XSS-Protection}}, 
{{Content-Security-Policy}}

 * In addition to these defaults, support is also added to configure *custom 
HTTP headers* via the {{properties}} file using the {{atlas.headers.*}} prefix. 
This allows users to define additional response headers as needed, or override 
a header, without changing the codebase.

  was:
Add HTTP security-related headers to Atlas' API responses. This is because 
Atlas doesn't add these headers to all responses.

In the response for the login.jsp page, we currently set only the 
text/html, X-Frame-Options header.

Even the custom headers need to be set from the properties file.


> Add header in atlas login.jsp page
> ----------------------------------
>
>                 Key: ATLAS-5019
>                 URL: https://issues.apache.org/jira/browse/ATLAS-5019
>             Project: Atlas
>          Issue Type: Bug
>            Reporter: Paresh Devalia
>            Assignee: Paresh Devalia
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, Apache Atlas does not include essential HTTP security headers in the 
> login.jsp page. This can expose the application to common web vulnerabilities.
>  * {{X-Frame-Options}}, {{X-Content-Type-Options}}, {{X-XSS-Protection}}, 
> {{Content-Security-Policy}}
>  * In addition to these defaults, support is also added to configure *custom 
> HTTP headers* via the {{properties}} file using the {{atlas.headers.*}} 
> prefix. This allows users to define additional response headers as needed, 
> or override a header, without changing the codebase.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
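
Added example, not part of the Jira issue and not Atlas code: a check that resolves the header set an operator would expect from the four defaults plus any atlas.headers.* entries, then compares it with the headers captured from a login.jsp response. The default values, the sample properties text and the sample response are constructed assumptions; the issue names the headers and the prefix but gives no values.

```python
import re

# Assumed default values: the issue lists these four headers without values.
DEFAULT_HEADERS = {
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'",
}
PREFIX = "atlas.headers."  # prefix named in the issue

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def effective_headers(props):
    """Defaults, then atlas.headers.* entries add to or override them.
    Header names are case-insensitive, so an override replaces the default."""
    headers = dict(DEFAULT_HEADERS)
    by_lower = {name.lower(): name for name in headers}
    for key, value in props.items():
        if not key.startswith(PREFIX) or len(key) == len(PREFIX):
            continue
        name = key[len(PREFIX):]
        headers.pop(by_lower.get(name.lower(), name), None)
        headers[name] = value
        by_lower[name.lower()] = name
    return headers

def audit_response(expected, response_headers):
    """Return {header: (expected, actual_or_None)} for missing or differing values."""
    actual = {k.lower(): v.strip() for k, v in response_headers.items()}
    return {name: (want, actual.get(name.lower()))
            for name, want in expected.items()
            if actual.get(name.lower()) != want}

# Constructed sample input, not taken from an Atlas deployment.
SAMPLE_PROPERTIES = """
atlas.headers.x-frame-options = SAMEORIGIN
atlas.headers.Referrer-Policy=no-referrer
atlas.rest.address=http://localhost:21000
"""
SAMPLE_LOGIN_RESPONSE = {"Content-Type": "text/html", "X-Frame-Options": "DENY"}
```

An empty result from audit_response means every expected header is present with the configured value; any entry shows the expected value next to what the response actually carried.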
