David Handermann created NIFI-11558:
---------------------------------------
Summary: Apply Security Headers to All Responses from Registry
Key: NIFI-11558
URL: https://issues.apache.org/jira/browse/NIFI-11558
Project: Apache NiFi
Issue Type: Improvement
Components: NiFi Registry, Security
Reporter: David Handermann
Assignee: David Handermann
NiFi Registry has a common set of filters that apply several standard
security-related HTTP headers to responses. The Jetty Server configuration
applies these headers to the Registry API and UI applications, but requests to
the root path do not return these headers, which can be misleading to some
automated security scanners. For a consistent approach, the security-related
headers should be applied using a Jetty Handler that works for all requests and
responses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
