[GitHub] thenatog commented on a change in pull request #3273: NIFI-5968 - Added the X-XSS-Protection and Strict-Transport-Security …

GitBox Mon, 28 Jan 2019 10:13:28 -0800

thenatog commented on a change in pull request #3273: NIFI-5968 - Added the 
X-XSS-Protection and Strict-Transport-Security …
URL: https://github.com/apache/nifi/pull/3273#discussion_r251531600


 ##########
 File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
 ##########
 @@ -602,6 +599,28 @@ private WebAppContext loadWar(final File warFile, final 
String contextPath, fina
         return webappContext;
     }
 
+    private void addHTTPHeaders(WebAppContext webappContext) {
+        // Add a filter to set the X-Frame-Options header
+        FilterHolder xfoFilter = new FilterHolder(new XFrameOptionsFilter());
 
 Review comment:
   I could potentially drop that and do a much simpler add to the webappContext?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

[GitHub] thenatog commented on a change in pull request #3273: NIFI-5968 - Added the X-XSS-Protection and Strict-Transport-Security …

Reply via email to