[jira] [Updated] (YARN-8198) Add Security-Related HTTP Response Header in Yarn WEBUIs.
[ https://issues.apache.org/jira/browse/YARN-8198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kanwaljeet Sachdev updated YARN-8198: - Attachment: YARN-8198.005.patch > Add Security-Related HTTP Response Header in Yarn WEBUIs. > - > > Key: YARN-8198 > URL: https://issues.apache.org/jira/browse/YARN-8198 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn >Reporter: Kanwaljeet Sachdev >Assignee: Kanwaljeet Sachdev >Priority: Major > Labels: security > Attachments: YARN-8198.001.patch, YARN-8198.002.patch, > YARN-8198.003.patch, YARN-8198.004.patch, YARN-8198.005.patch > > > As of today, YARN web-ui lacks certain security related http response > headers. We are planning to add few default ones and also add support for > headers to be able to get added via xml config. Planning to make the below > two as default. > * X-XSS-Protection: 1; mode=block > * X-Content-Type-Options: nosniff > > Support for headers via config properties in core-site.xml will be along the > below lines > {code:java} > > hadoop.http.header.Strict_Transport_Security > valHSTSFromXML > {code} > > A regex matcher will lift these properties and add into the response header > when Jetty prepares the response. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8198) Add Security-Related HTTP Response Header in Yarn WEBUIs.
[ https://issues.apache.org/jira/browse/YARN-8198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kanwaljeet Sachdev updated YARN-8198: - Attachment: YARN-8198.004.patch > Add Security-Related HTTP Response Header in Yarn WEBUIs. > - > > Key: YARN-8198 > URL: https://issues.apache.org/jira/browse/YARN-8198 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn >Reporter: Kanwaljeet Sachdev >Assignee: Kanwaljeet Sachdev >Priority: Major > Labels: security > Attachments: YARN-8198.001.patch, YARN-8198.002.patch, > YARN-8198.003.patch, YARN-8198.004.patch > > > As of today, YARN web-ui lacks certain security related http response > headers. We are planning to add few default ones and also add support for > headers to be able to get added via xml config. Planning to make the below > two as default. > * X-XSS-Protection: 1; mode=block > * X-Content-Type-Options: nosniff > > Support for headers via config properties in core-site.xml will be along the > below lines > {code:java} > > hadoop.http.header.Strict_Transport_Security > valHSTSFromXML > {code} > > A regex matcher will lift these properties and add into the response header > when Jetty prepares the response. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8198) Add Security-Related HTTP Response Header in Yarn WEBUIs.
[ https://issues.apache.org/jira/browse/YARN-8198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kanwaljeet Sachdev updated YARN-8198: - Attachment: YARN-8198.003.patch > Add Security-Related HTTP Response Header in Yarn WEBUIs. > - > > Key: YARN-8198 > URL: https://issues.apache.org/jira/browse/YARN-8198 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn >Reporter: Kanwaljeet Sachdev >Assignee: Kanwaljeet Sachdev >Priority: Major > Labels: security > Attachments: YARN-8198.001.patch, YARN-8198.002.patch, > YARN-8198.003.patch > > > As of today, YARN web-ui lacks certain security related http response > headers. We are planning to add few default ones and also add support for > headers to be able to get added via xml config. Planning to make the below > two as default. > * X-XSS-Protection: 1; mode=block > * X-Content-Type-Options: nosniff > > Support for headers via config properties in core-site.xml will be along the > below lines > {code:java} > > hadoop.http.header.Strict_Transport_Security > valHSTSFromXML > {code} > > A regex matcher will lift these properties and add into the response header > when Jetty prepares the response. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8198) Add Security-Related HTTP Response Header in Yarn WEBUIs.
[ https://issues.apache.org/jira/browse/YARN-8198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kanwaljeet Sachdev updated YARN-8198: - Attachment: YARN-8198.002.patch > Add Security-Related HTTP Response Header in Yarn WEBUIs. > - > > Key: YARN-8198 > URL: https://issues.apache.org/jira/browse/YARN-8198 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn >Reporter: Kanwaljeet Sachdev >Assignee: Kanwaljeet Sachdev >Priority: Major > Labels: security > Attachments: YARN-8198.001.patch, YARN-8198.002.patch > > > As of today, YARN web-ui lacks certain security related http response > headers. We are planning to add few default ones and also add support for > headers to be able to get added via xml config. Planning to make the below > two as default. > * X-XSS-Protection: 1; mode=block > * X-Content-Type-Options: nosniff > > Support for headers via config properties in core-site.xml will be along the > below lines > {code:java} > > hadoop.http.header.Strict_Transport_Security > valHSTSFromXML > {code} > > A regex matcher will lift these properties and add into the response header > when Jetty prepares the response. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8198) Add Security-Related HTTP Response Header in Yarn WEBUIs.
[ https://issues.apache.org/jira/browse/YARN-8198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kanwaljeet Sachdev updated YARN-8198: - Attachment: YARN-8198.001.patch > Add Security-Related HTTP Response Header in Yarn WEBUIs. > - > > Key: YARN-8198 > URL: https://issues.apache.org/jira/browse/YARN-8198 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn >Reporter: Kanwaljeet Sachdev >Assignee: Kanwaljeet Sachdev >Priority: Major > Labels: security > Attachments: YARN-8198.001.patch > > > As of today, YARN web-ui lacks certain security related http response > headers. We are planning to add few default ones and also add support for > headers to be able to get added via xml config. Planning to make the below > two as default. > * X-XSS-Protection: 1; mode=block > * X-Content-Type-Options: nosniff > > Support for headers via config properties in core-site.xml will be along the > below lines > {code:java} > > hadoop.http.header.Strict_Transport_Security > valHSTSFromXML > {code} > > A regex matcher will lift these properties and add into the response header > when Jetty prepares the response. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org