Hello Wenzhe Zhou, Impala Public Jenkins,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/18168

to look at the new patch set (#5).

Change subject: IMPALA-11078 Add simple CSP header to webui.
......................................................................

IMPALA-11078 Add simple CSP header to webui.

Content Security Policy (CSP) is a computer security standard designed
to prevent cross-site scripting, clickjacking and other code injection
attacks. CSP provides a method for websites to declare approved origins
of content that browsers should be allowed to load on that website.
A good resource is https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
If a page breaks the rules then the included script or css will
typically not be run by the browser.

In the Impala webui we use a CSP header to declare that all web content
comes from the impalad, with some 'unsafe' inline code.

A new server flag "--disable_content_security_policy_header=true" can be
set to disable the emission of this header in case of any compatibility
issues.

A few small changes were needed to make this CSP header work.
Chart.js was previously included via http, this was changed to being
bundled like other javascript and css we use. Some dodgy array code
that handles connection metrics was also fixed.

TESTING:

The main webui tests all now validate the CSP header is present.
A test for the new flag is also added.

Change-Id: Idc335d65b117661da0b420ddb7c9ccd80d8d76ab
---
M LICENSE.txt
M be/src/util/webserver.cc
M bin/rat_exclude_files.txt
M tests/custom_cluster/test_web_pages.py
M tests/webserver/test_web_pages.py
A www/Chart-2.7.3.min.js
M www/admission_controller.tmpl
M www/rpcz.tmpl
8 files changed, 86 insertions(+), 24 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/68/18168/5
--
To view, visit http://gerrit.cloudera.org:8080/18168
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Idc335d65b117661da0b420ddb7c9ccd80d8d76ab
Gerrit-Change-Number: 18168
Gerrit-PatchSet: 5
Gerrit-Owner: Andrew Sherman <asher...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
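
Added example, not part of the original message or of the Impala patch: a simplified CSP source matcher showing why a script loaded from another origin stops working under a same-origin policy while a bundled copy and inline code keep working. The policy string, host names and URL paths are constructed for illustration (the page does not give Impala's actual header value), and only 'self', '*', scheme sources and exact origins are matched.

```python
from urllib.parse import urljoin, urlsplit

def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def _sources(policy, directive):
    # Fetch directives such as script-src fall back to default-src when absent.
    return policy.get(directive, policy.get("default-src"))

def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower())

def allowed(policy, directive, resource_url, page_url):
    """True if resource_url may be fetched under `directive` on page_url."""
    sources = _sources(policy, directive)
    if sources is None:
        return True  # no directive applies, so the policy does not restrict it
    res = _origin(urljoin(page_url, resource_url))  # resolve relative URLs
    for src in sources:
        if src == "'self'" and res == _origin(page_url):
            return True
        if src == "*" and res[0] in ("http", "https"):
            return True
        if src.endswith(":") and src[:-1].lower() == res[0]:  # e.g. https:
            return True
        if "://" in src and _origin(src) == res:  # e.g. https://cdn.example
            return True
    return False  # 'none' or no matching source: the browser blocks the load

def inline_allowed(policy, directive):
    """True if inline script/style is permitted (nonces and hashes not modelled)."""
    sources = _sources(policy, directive)
    return sources is None or "'unsafe-inline'" in sources

# Constructed sample values, not Impala's actual header or URLs.
PAGE = "http://impalad.example:25000/admission"
POLICY = parse_csp("default-src 'self'; script-src 'self' 'unsafe-inline'; "
                   "style-src 'self' 'unsafe-inline'")
```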