[GitHub] spark pull request #19419: [SPARK-22188] [CORE] Adding security headers for ...

dongjoon-hyun Thu, 05 Oct 2017 13:32:39 -0700

Github user dongjoon-hyun commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19419#discussion_r143048963
  
    --- Diff: core/src/main/scala/org/apache/spark/ui/JettyUtils.scala ---
    @@ -89,6 +92,15 @@ private[spark] object JettyUtils extends Logging {
                 val result = servletParams.responder(request)
                 response.setHeader("Cache-Control", "no-cache, no-store, 
must-revalidate")
                 response.setHeader("X-Frame-Options", xFrameOptionsValue)
    +            if (xXssProtectionValue.isDefined) {
    +              response.setHeader("X-XSS-Protection", 
xXssProtectionValue.get)
    +            }
    +            if (xContentTypeOptionsValue.isDefined) {
    +              response.setHeader("X-Content-Type-Options", 
xContentTypeOptionsValue.get)
    +            }
    +            if (strictTransportSecurityValue.isDefined) {
    +              response.setHeader("Strict-Transport-Security", 
strictTransportSecurityValue.get)
    +            }
    --- End diff --
    
    Can we simplify line 95~103 into the following?
    ```scala
    xXssProtectionValue.foreach(response.setHeader("X-XSS-Protection", _))
    
xContentTypeOptionsValue.foreach(response.setHeader("X-Content-Type-Options", 
_))
    
strictTransportSecurityValue.foreach(response.setHeader("Strict-Transport-Security",
 _))
    ```



---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org

[GitHub] spark pull request #19419: [SPARK-22188] [CORE] Adding security headers for ...

Reply via email to