Github user krishna-pandey commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19419#discussion_r144204531
  
    --- Diff: conf/spark-defaults.conf.template ---
    @@ -25,3 +25,10 @@
     # spark.serializer                 
org.apache.spark.serializer.KryoSerializer
     # spark.driver.memory              5g
     # spark.executor.extraJavaOptions  -XX:+PrintGCDetails -Dkey=value 
-Dnumbers="one two three"
    +
    +# spark.ui.allowFramingFrom         https://www.example.com/
    +# spark.ui.xXssProtection           1; mode=block
    +# spark.ui.xContentType.options     nosniff
    +
    +# Enable below only when Spark is running on HTTPS
    +# spark.ui.strictTransportSecurity  max-age=31536000
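Review bot: the last added line gives `max-age=31536000` with no indication of the unit, and the comment above it only covers the HTTPS precondition. Consider extending that comment to say the value is in seconds (31536000 is 365 days) so that someone adapting the template does not have to look it up. A smaller style point on the same hunk: `spark.ui.xContentType.options` uses a dotted `.options` suffix, while the neighbouring keys (`xXssProtection`, `strictTransportSecurity`, `allowFramingFrom`) are single camelCase names; one naming scheme across the four keys would be easier to remember.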
    --- End diff --
    
    The REQUIRED "max-age" directive specifies the number of seconds, after the
    reception of the STS header field, during which the UA regards the host (from
    whom the message was received) as a Known HSTS Host. Here the value is equal to
    365 days. More at https://tools.ietf.org/html/rfc6797#section-6.1.1
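
An added example, not part of the pull request or of Spark's code: a Python check that parses a value intended for `spark.ui.strictTransportSecurity` according to the directive rules in RFC 6797 section 6.1 and returns `max-age` in seconds. The function names are this example's own, and the sample values are constructed apart from `max-age=31536000`, which is the one in the diff.

```python
import re

# Directive names must be HTTP tokens (RFC 6797 section 6.1).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Split on ';' but keep a double-quoted value (which may contain ';') in one piece.
_PART = re.compile(r'(?:[^;"]|"[^"]*")+')


def parse_hsts(value):
    """Parse a Strict-Transport-Security field value into {directive: value}.

    Valueless directives such as includeSubDomains map to None.
    Raises ValueError for a malformed or repeated directive.
    """
    directives = {}
    for part in _PART.findall(value):
        part = part.strip()
        if not part:                        # empty directives are permitted
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()         # directive names are case-insensitive
        val = val.strip()
        if not _TOKEN.match(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in directives:              # each directive may appear only once
            raise ValueError(f"directive repeated: {name}")
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]                 # quoted-string form of the value
        directives[name] = val if sep else None
    return directives


def hsts_max_age(value):
    """Return max-age in seconds, or raise ValueError if it is missing or invalid."""
    directives = parse_hsts(value)
    if "max-age" not in directives:
        raise ValueError("max-age is REQUIRED")
    seconds = directives["max-age"]
    if seconds is None or not re.fullmatch(r"[0-9]+", seconds):
        raise ValueError("max-age must be a non-negative integer number of seconds")
    return int(seconds)


def max_age_days(value):
    """Convert the header's max-age to days (86400 seconds per day)."""
    return hsts_max_age(value) / 86400


if __name__ == "__main__":
    print(max_age_days("max-age=31536000"))   # value from the template in the diff
```

A `max-age` of 0 parses as valid; per RFC 6797 section 6.1.1 it tells the UA to stop treating the host as a Known HSTS Host, so a deployment check may want to flag it separately.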

