[GitHub] spark pull request #19419: [SPARK-22188] [CORE] Adding security headers for ...

Tue, 03 Oct 2017 09:01:36 -0700 

Github user krishna-pandey commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19419#discussion_r142445649
  
    --- Diff: conf/spark-defaults.conf.template ---
    @@ -19,9 +19,16 @@
     # This is useful for setting default environmental settings.
     
     # Example:
    -# spark.master                     spark://master:7077
    -# spark.eventLog.enabled           true
    -# spark.eventLog.dir               hdfs://namenode:8021/directory
    -# spark.serializer                 
org.apache.spark.serializer.KryoSerializer
    -# spark.driver.memory              5g
    -# spark.executor.extraJavaOptions  -XX:+PrintGCDetails -Dkey=value 
-Dnumbers="one two three"
    +# spark.master                          spark://master:7077
    +# spark.eventLog.enabled                true
    +# spark.eventLog.dir                    hdfs://namenode:8021/directory
    +# spark.serializer                      
org.apache.spark.serializer.KryoSerializer
    +# spark.driver.memory                   5g
    +# spark.executor.extraJavaOptions       -XX:+PrintGCDetails -Dkey=value 
-Dnumbers="one two three"
    +
    +#spark.ui.allowFramingFrom              https://example.com/
    +#spark.ui.xXssProtection.enabled        1; mode=block
    +#spark.ui.xContentType.options          nosniff
    +
    +#Enable below only when Spark is running on HTTPS
    +#spark.ui.strictTransportSecurity.age   max-age=31536000
    --- End diff --
    
    Yes, "max-age" need to be part of user-supplied string. Possible values can 
be one from the below set, default one mentioned in template is for optimum 
secure value commonly used.
    
    Strict-Transport-Security: {max-age=\<expire-time\> | 
max-age=\<expire-time\>; includeSubDomains | max-age=\<expire-time\>; preload}
    
    
    Value is in delta-seconds. More here 
https://tools.ietf.org/html/rfc6797#section-6.1.1


---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org

Reply via email to