[ https://issues.apache.org/jira/browse/HBASE-14148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705402#comment-14705402 ]
Hudson commented on HBASE-14148: -------------------------------- FAILURE: Integrated in HBase-1.2 #122 (See [https://builds.apache.org/job/HBase-1.2/122/]) HBASE-14148 Default HBase web pages to be non-framable. (busbey: rev c182e9967677322c1a5633a04eddfcfdc05fbdbc) * hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/http/ClickjackingPreventionFilter.java * hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java > Web UI Framable Page > -------------------- > > Key: HBASE-14148 > URL: https://issues.apache.org/jira/browse/HBASE-14148 > Project: HBase > Issue Type: Improvement > Reporter: Apekshit Sharma > Assignee: Gabor Liptak > Fix For: 2.0.0, 1.2.0, 1.3.0 > > Attachments: HBASE-14148-cleanroom.1.patch, > HBASE-14148-cleanroom.2.patch, HBASE-14148-cleanroom.3.patch, > HBASE-14148-master.patch, HBASE-14148-v2-master.patch, > HBASE-14148-v3-master.patch > > > The web UIs do not include the "X-Frame-Options" header to prevent the pages > from being framed from another site. > Reference: > https://www.owasp.org/index.php/Clickjacking > https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet > https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options -- This message was sent by Atlassian JIRA (v6.3.4#6332)