----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70155/ -----------------------------------------------------------
(Updated March 8, 2019, 10:02 a.m.) Review request for oozie and Andras Salamon. Repository: oozie-git Description ------- As a security best practice we should add support for HSTS via oozie-site.xml in case of embedded Jetty. https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - this page is not available anymore https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html Maybe we should even make it enabled by default when SSL is configured. Diffs (updated) ----- core/src/main/resources/oozie-default.xml c7f2becaa docs/src/site/markdown/AG_Install.md 270b98fb0 server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 466cefc2e server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java f926a0910 Diff: https://reviews.apache.org/r/70155/diff/2/ Changes: https://reviews.apache.org/r/70155/diff/1-2/ Testing ------- Junit + manually tested Thanks, Kinga Marton
