alopresto commented on a change in pull request #3273: NIFI-5968 - Added the X-XSS-Protection and Strict-Transport-Security … URL: https://github.com/apache/nifi/pull/3273#discussion_r251666039
########## File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ##########
@@ -586,7 +586,14 @@ private WebAppContext loadWar(final File warFile, final String contextPath, fina // configure the max form size (3x the default) webappContext.setMaxFormContentSize(600000); - addHTTPHeaders(webappContext); + ArrayList<Class<? extends Filter>> filters = new ArrayList<>();

Review comment:

I think you could do:

```
final String ALL_PATHS = "/*";
// Copy the fixed filter list into a mutable ArrayList
List<Class<? extends Filter>> filters = new ArrayList<Class<? extends Filter>>(Arrays.asList(XFrameOptionsFilter.class, ContentSecurityPolicyFilter.class, XSSProtectionFilter.class));
// Add the Strict-Transport-Security filter only when HTTPS is configured
if (props.isHTTPSConfigured()) {
    filters.add(StrictTransportSecurityFilter.class);
}
filters.forEach(filter -> addFilters(filter, ALL_PATHS, webappContext));
```

That will create an `ArrayList` around the original `array` but allow for modification (_i.e. adding the STS filter if necessary_).
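
Review bot: In `loadWar`, the added `filters` local is declared with the concrete type `ArrayList<Class<? extends Filter>>` and without `final`, while the parameters visible in the hunk header are all `final`; declaring it as `final List<Class<? extends Filter>> filters` types the variable to the interface and matches the surrounding style. The same hunk removes the `addHTTPHeaders(webappContext)` call, so confirm that every header filter that call used to register is still added through this list for each web application context passed to `loadWar`, otherwise a context could be served without its security response headers.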