Github user krishna-pandey commented on a diff in the pull request: https://github.com/apache/spark/pull/19419#discussion_r142445649

--- Diff: conf/spark-defaults.conf.template --- @@ -19,9 +19,16 @@ # This is useful for setting default environmental settings. # Example: -# spark.master spark://master:7077 -# spark.eventLog.enabled true -# spark.eventLog.dir hdfs://namenode:8021/directory -# spark.serializer org.apache.spark.serializer.KryoSerializer -# spark.driver.memory 5g -# spark.executor.extraJavaOptions -XX:+PrintGCDetails -Dkey=value -Dnumbers="one two three" +# spark.master spark://master:7077 +# spark.eventLog.enabled true +# spark.eventLog.dir hdfs://namenode:8021/directory +# spark.serializer org.apache.spark.serializer.KryoSerializer +# spark.driver.memory 5g +# spark.executor.extraJavaOptions -XX:+PrintGCDetails -Dkey=value -Dnumbers="one two three" + +#spark.ui.allowFramingFrom https://example.com/ +#spark.ui.xXssProtection.enabled 1; mode=block +#spark.ui.xContentType.options nosniff + +#Enable below only when Spark is running on HTTPS +#spark.ui.strictTransportSecurity.age max-age=31536000 --- End diff --

Yes, "max-age" needs to be part of the user-supplied string. Possible values can be one from the below set; the default one mentioned in the template is for the optimum secure value commonly used.

Strict-Transport-Security: {max-age=\<expire-time\> | max-age=\<expire-time\>; includeSubDomains | max-age=\<expire-time\>; preload}

Value is in delta-seconds. More here: https://tools.ietf.org/html/rfc6797#section-6.1.1
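
Review bot: The key names on the added lines at the end of the hunk do not match the kind of value the examples give them: `spark.ui.strictTransportSecurity.age` is shown with the directive string `max-age=31536000` rather than a bare number of seconds, and `spark.ui.xXssProtection.enabled` is shown with `1; mode=block` rather than a boolean. Either rename the keys or add a one-line comment above each saying what form the value takes, so that a reader of the template does not enter `31536000` or `true`. The new entries are also written as `#spark.ui.allowFramingFrom` with no space after the `#`, unlike the `# spark.master` examples above them, and only the HSTS line carries an explanatory comment; a short comment on what `allowFramingFrom`, `xXssProtection` and `xContentType.options` control would make the block consistent.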
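
An added example, not code from the pull request or from Spark: a check of the value syntax listed in the comment above, applied to the string a user would put in `spark.ui.strictTransportSecurity.age`. The function names and sample values are assumptions made for the illustration; directive handling follows RFC 6797 section 6.1.

```python
import re

# RFC 7230 "token" characters, used for directive names (RFC 6797 section 6.1).
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_sts(value):
    """Parse a Strict-Transport-Security header value or raise ValueError."""
    # Simplification (assumption): a quoted-string containing ';' is not handled.
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # the value may be written as a quoted-string
        seen[name] = val if sep else None
    max_age = seen.get("max-age")
    if max_age is None:
        raise ValueError("max-age directive is required")
    if not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError(f"max-age must be delta-seconds, got {max_age!r}")
    # Valueless flags from the comment; other directive names are tolerated.
    for flag in ("includesubdomains", "preload"):
        if seen.get(flag) is not None:
            raise ValueError(f"{flag} takes no value")
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }

def sts_problem(value):
    """Return None if the value is acceptable, else the reason it is not."""
    try:
        parse_sts(value)
    except ValueError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    # Constructed sample values for spark.ui.strictTransportSecurity.age
    for sample in ("max-age=31536000", "31536000", "max-age=1; max-age=2"):
        print(f"{sample!r}: {sts_problem(sample) or 'ok'}")
```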