[
https://issues.apache.org/jira/browse/HBASE-14148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705402#comment-14705402
]
Hudson commented on HBASE-14148:
--------------------------------
FAILURE: Integrated in HBase-1.2 #122 (See
[https://builds.apache.org/job/HBase-1.2/122/])
HBASE-14148 Default HBase web pages to be non-framable. (busbey: rev
c182e9967677322c1a5633a04eddfcfdc05fbdbc)
* hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
*
hbase-server/src/main/java/org/apache/hadoop/hbase/http/ClickjackingPreventionFilter.java
* hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
> Web UI Framable Page
> --------------------
>
> Key: HBASE-14148
> URL: https://issues.apache.org/jira/browse/HBASE-14148
> Project: HBase
> Issue Type: Improvement
> Reporter: Apekshit Sharma
> Assignee: Gabor Liptak
> Fix For: 2.0.0, 1.2.0, 1.3.0
>
> Attachments: HBASE-14148-cleanroom.1.patch,
> HBASE-14148-cleanroom.2.patch, HBASE-14148-cleanroom.3.patch,
> HBASE-14148-master.patch, HBASE-14148-v2-master.patch,
> HBASE-14148-v3-master.patch
>
>
> The web UIs do not include the "X-Frame-Options" header to prevent the pages
> from being framed from another site.
> Reference:
> https://www.owasp.org/index.php/Clickjacking
> https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
> https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
