alopresto commented on a change in pull request #3273: NIFI-5968 - Added the
X-XSS-Protection and Strict-Transport-Security …
URL: https://github.com/apache/nifi/pull/3273#discussion_r251666039
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
##########
@@ -586,7 +586,14 @@ private WebAppContext loadWar(final File warFile, final
String contextPath, fina
// configure the max form size (3x the default)
webappContext.setMaxFormContentSize(600000);
- addHTTPHeaders(webappContext);
+ ArrayList<Class<? extends Filter>> filters = new ArrayList<>();
Review comment:
I think you could do
```
final String ALL_PATHS = "/*";
List<Class<? extends Filter>> filters = new ArrayList<Class<? extends
Filter>>(Arrays.asList(XFrameOptionsFilter.class,
ContentSecurityPolicyFilter.class, XSSProtectionFilter.class));
if (props.isHTTPSConfigured()) {
filters.add(StrictTransportSecurityFilter.class);
}
filters.forEach { (filter) -> addFilters(filter, ALL_PATHS, webappContext));
```
That will create an `ArrayList` around the original `array` but allow for
modification (_i.e. adding the STS filter if necessary_).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
