Sean Owen created SPARK-10589: --------------------------------- Summary: Add defense against external site framing Key: SPARK-10589 URL: https://issues.apache.org/jira/browse/SPARK-10589 Project: Spark Issue Type: Bug Components: Web UI Affects Versions: 1.5.0 Reporter: Sean Owen Assignee: Sean Owen Priority: Minor
This came up as a minor point during a security audit using a common scanning tool: It's best if Spark UIs try to actively defend against certain types of frame-related vulnerabilities by setting X-Frame-Options. See https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet Easy PR coming ... -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org