thenatog commented on a change in pull request #3273: NIFI-5968 - Added the
X-XSS-Protection and Strict-Transport-Security …
URL: https://github.com/apache/nifi/pull/3273#discussion_r250225707
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
##########
@@ -583,13 +586,7 @@ private WebAppContext loadWar(final File warFile, final
String contextPath, fina
// configure the max form size (3x the default)
webappContext.setMaxFormContentSize(600000);
- // add a filter to set the X-Frame-Options filter
- webappContext.addFilter(new FilterHolder(FRAME_OPTIONS_FILTER), "/*",
EnumSet.allOf(DispatcherType.class));
-
- // add a filter to set the Content Security Policy frame-ancestors
directive
- FilterHolder cspFilter = new FilterHolder(new
ContentSecurityPolicyFilter());
- cspFilter.setName(ContentSecurityPolicyFilter.class.getSimpleName());
- webappContext.addFilter(cspFilter, "/*",
EnumSet.allOf(DispatcherType.class));
+ addHTTPHeaders(webappContext);
Review comment:
Ah yes, I thought about that and then forgot. I'll look more into that.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
