GitHub user krishna-pandey opened a pull request:

    https://github.com/apache/spark/pull/19419

    Adding security headers for preventing XSS, MitM and MIME sniffing

    ## What changes were proposed in this pull request?
    
    The HTTP Strict-Transport-Security response header (often abbreviated as 
HSTS) is a security feature that lets a web site tell browsers that it should 
only be communicated with using HTTPS, instead of using HTTP.
    
    Note: The Strict-Transport-Security header is ignored by the browser when 
your site is accessed using HTTP; this is because an attacker may intercept 
HTTP connections and inject the header or remove it. When your site is accessed 
over HTTPS with no certificate errors, the browser knows your site is HTTPS 
capable and will honor the Strict-Transport-Security header.
    
    The HTTP X-XSS-Protection response header is a feature of Internet 
Explorer, Chrome and Safari that stops pages from loading when they detect 
reflected cross-site scripting (XSS) attacks.
    
    The HTTP X-Content-Type-Options response header is used to protect against 
MIME sniffing vulnerabilities.
    
    ## How was this patch tested?
    Checked on my system locally.
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/krishna-pandey/spark SPARK-22188

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/spark/pull/19419.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #19419
    
----
commit abb081df1f93fea38b611bcbfe563606783420fd
Author: krishna-pandey <krish.pande...@gmail.com>
Date:   2017-10-03T13:13:27Z

    Adding security headers for preventing XSS, MitM and MIME sniffing

----
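
The three headers described in the pull request can be checked on a deployed endpoint with a small audit function. This is an added example, not code from the pull request or from Spark; the function name, the sample header values and the finding strings are assumptions, and the expected values follow the standard syntax of each header.

```python
import re

# Constructed sample response headers (not captured from a Spark UI).
GOOD = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
}
MISCONFIGURED = {
    "Strict-Transport-Security": "includeSubDomains",  # max-age is mandatory
    "X-XSS-Protection": "0",                           # filter switched off
}

MAX_AGE = re.compile(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', re.I)

def audit_security_headers(scheme, headers):
    """Return findings for the three headers named in the PR description.

    scheme is "http" or "https" (how the response was fetched); headers maps
    response header names to values. Hypothetical helper, not a Spark API.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    # HSTS only takes effect on HTTPS; browsers ignore it on plain HTTP.
    hsts = h.get("strict-transport-security")
    if scheme != "https":
        if hsts is not None:
            findings.append("HSTS sent over HTTP: browsers ignore it")
    elif hsts is None:
        findings.append("HSTS missing on HTTPS response")
    else:
        match = MAX_AGE.search(hsts)
        if match is None:
            findings.append("HSTS has no valid max-age directive")
        elif int(match.group(1)) == 0:
            findings.append("HSTS max-age=0 clears the stored policy")

    # "nosniff" is the only defined value for X-Content-Type-Options.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")

    # "1; mode=block" makes the browser stop loading the page on detection.
    xss = h.get("x-xss-protection", "").lower().replace(" ", "")
    if not xss.startswith("1;mode=block"):
        findings.append("X-XSS-Protection is not '1; mode=block'")
    return findings
```

Feed it the scheme and the header map from any HTTP client response; an empty list means all three headers are present with effective values.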

