[ https://issues.apache.org/jira/browse/NIFI-5968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16762256#comment-16762256 ]
ASF subversion and git services commented on NIFI-5968: ------------------------------------------------------- Commit f81d6bd63b50c27dc62aabb85a6d864db991c9dd in nifi's branch refs/heads/master from thenatog [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f81d6bd ] NIFI-5968 - Added the X-XSS-Protection and Strict-Transport-Security HTTP headers using Jetty Filters. Added some tests. Removed bad test. Refactored filter creation method. Ensure HSTS header is only applied if NiFi is secured with HTTPS Small changes to header array list. Fixed checkstyle errors. This closes #3273. Signed-off-by: Andy LoPresto <alopre...@apache.org> > Add standard HTTP security headers > ---------------------------------- > > Key: NIFI-5968 > URL: https://issues.apache.org/jira/browse/NIFI-5968 > Project: Apache NiFi > Issue Type: Improvement > Reporter: Nathan Gough > Assignee: Nathan Gough > Priority: Major > Time Spent: 4h 20m > Remaining Estimate: 0h > > Some HTTP security headers could be added to improve NiFi security stance. > These include: Strict-Transport-Security (HSTS), X-XSS-Protection, and > Content-Security-Policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)