Todd Lipcon has submitted this change and it was merged. Change subject: webserver: add X-Frame-Options header ......................................................................
webserver: add X-Frame-Options header This adds a default 'DENY' header in order to prevent Kudu web pages from being put into cross-domain iframes. This can prevent clickjacking attacks, and generally considered a good idea for web security. See: https://www.owasp.org/index.php/Clickjacking Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Reviewed-on: http://gerrit.cloudera.org:8080/6215 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert <danburk...@apache.org> (cherry picked from commit f6a1a60760296e7014d5d7b04ce68d0835721da8) Reviewed-on: http://gerrit.cloudera.org:8080/6233 Reviewed-by: Todd Lipcon <t...@apache.org> --- M src/kudu/server/webserver-test.cc M src/kudu/server/webserver.cc M src/kudu/util/curl_util.cc M src/kudu/util/curl_util.h 4 files changed, 29 insertions(+), 12 deletions(-) Approvals: Todd Lipcon: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/6233 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Gerrit-PatchSet: 2 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <t...@apache.org>