Checking again... Has anyone got a chance to fix the CORS issue on Zeppelin?

On Wed., 5 Dec. 2018, 5:55 pm Bicky Ealias <bickyeal...@gmail.com> wrote:
> Hello users,
>
> Has anyone succeeded in hardening Zeppelin against CORS vulnerability?
>
> ---------- Forwarded message ---------
> From: Jeff Zhang <zjf...@gmail.com>
> Date: Tuesday, 4 December 2018 at 5:05 pm
> To: "Ealias, Bicky" <bicky.eal...@cba.com.au>
> Subject: Re: CORS policy in Zeppelin
>
> Sorry, I don't know about this, could you ask this in the zeppelin user mail list?
>
> Ealias, Bicky <bicky.eal...@cba.com.au> wrote on Tuesday, 4 December 2018 at 10:55 am:
>
> Hi Jeff,
>
> Hope you are doing well.
>
> Recently we had penetration testing done on zeppelin, and one vulnerability that came forward is an issue with Zeppelin's HTML2 CORS policy.
>
> We are on version 0.8.0. I added these configurations as per the documentation:
> https://zeppelin.apache.org/docs/0.8.0/setup/security/http_security_headers.html
> But still that doesn't seem to fix the issue.
>
> https://issues.apache.org/jira/browse/ZEPPELIN-245 I see this ticket but the comment says it's fixed in 0.6.0 already.
>
> ..Are there some other settings I can change?
>
> CommonwealthBank
>
> Bicky Ealias
> Analytics & Information
> Level 17, 255 Pitt St, Sydney NSW 2000
> M: 0406949642
> E: bicky.eal...@cba.com.au
>
> Our vision... To excel at securing and enhancing the financial wellbeing of people, businesses and communities.
>
> ************** IMPORTANT MESSAGE *****************************
> This e-mail message is intended only for the addressee(s) and contains information which may be confidential.
> If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system.
> Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124 AFSL and Australian credit licence 234945) or its subsidiaries.
> We can be contacted through our web site: commbank.com.au.
> If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line.
> **************************************************************
>
> --
> Best Regards
> Jeff Zhang
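To tell whether a CORS hardening change like the one asked about in this thread has actually taken effect, here is an added check (it is not from the thread or from the Zeppelin project) that classifies the Access-Control-* headers a server returns to a request carrying a foreign Origin. The hostnames and header sets below are constructed, and the live probe assumes a REST endpoint you administer, such as Zeppelin's /api/version.

```python
"""Verify CORS hardening by classifying the headers a server returns when a
request carries an Origin it should not trust."""
import urllib.error
import urllib.request
from typing import Dict

PROBE_ORIGIN = "https://untrusted.example"  # constructed foreign origin

# Constructed header sets (not captured from a real Zeppelin instance).
SAMPLE_RESPONSES = {
    "wide_open": {"Access-Control-Allow-Origin": "*"},
    "reflecting": {"Access-Control-Allow-Origin": PROBE_ORIGIN,
                   "Access-Control-Allow-Credentials": "true"},
    "hardened": {"Content-Type": "application/json"},
}


def classify_cors(headers: Dict[str, str], probe_origin: str) -> str:
    """Verdict for response headers to a request sent with Origin=probe_origin.

    none / restricted      - foreign sites cannot read the response (hardened)
    wildcard               - '*' lets any site read unauthenticated responses
    reflected              - the foreign origin is echoed back: any site can read
    reflected+credentials  - as above and cookies/auth are sent too: worst case
    """
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    acao = lowered.get("access-control-allow-origin")
    creds = lowered.get("access-control-allow-credentials", "").lower() == "true"
    if not acao:  # header absent or empty: browser refuses cross-origin reads
        return "none"
    if acao == "*":
        return "wildcard"
    if acao == probe_origin:
        return "reflected+credentials" if creds else "reflected"
    return "restricted"  # a fixed allow-list origin that is not ours


def is_hardened(verdict: str) -> bool:
    return verdict in ("none", "restricted")


def probe_live(url: str, probe_origin: str = PROBE_ORIGIN) -> str:
    """GET a server you administer with a foreign Origin and classify its reply;
    error responses still carry headers, so they are classified as well."""
    req = urllib.request.Request(url, headers={"Origin": probe_origin})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            headers = dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        headers = dict(err.headers.items())
    return classify_cors(headers, probe_origin)


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:10s} -> {classify_cors(hdrs, PROBE_ORIGIN)}")
```

Run `probe_live("http://<zeppelin-host>:8080/api/version")` against your own instance before and after changing the configuration; only a `none` or `restricted` verdict means a foreign page can no longer read the response.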