Posted to dev@drill.apache.org by "Dmytro Kondriukov (Jira)" <ji...@apache.org> on 2020/03/18 09:07:00 UTC
[jira] [Resolved] (DRILL-7646) Resources types: *.ttf and
data:image/gif received without response headers
[ https://issues.apache.org/jira/browse/DRILL-7646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dmytro Kondriukov resolved DRILL-7646.
--------------------------------------
Resolution: Not A Bug
Those resources are taken from the browser cache, not sent by the server.
Not a bug.
> Resources types: *.ttf and data:image/gif received without response headers
> ---------------------------------------------------------------------------
>
> Key: DRILL-7646
> URL: https://issues.apache.org/jira/browse/DRILL-7646
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.17.0
> Reporter: Dmytro Kondriukov
> Priority: Major
>
> *Preconditions:*
> drill-override.conf
> {noformat}
> drill.exec: {
>   cluster-id: "drillbits1",
>   zk.connect: "localhost:5181"
>   impersonation: {
>     enabled: true,
>     max_chained_user_hops: 3
>   },
>   security: {
>     auth.mechanisms : ["PLAIN"],
>   },
>   security.user.auth: {
>     enabled: true,
>     packages += "org.apache.drill.exec.rpc.user.security",
>     impl: "pam4j",
>     pam_profiles: [ "sudo", "login" ]
>   }
>   http: {
>     ssl_enabled: true,
>     jetty.server.response.headers: {
>       "X-XSS-Protection": "1; mode=block",
>       "X-Content-Type-Options": "nosniff",
>       "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
>       "Content-Security-Policy": "default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; font-src data: https:; img-src data: https:"
>     }
>   }
> }
> {noformat}
> Steps:
> # Open the "Network" tab in the browser console
> # Inspect web resources for the presence of response headers:
> * X-XSS-Protection
> * X-Content-Type-Options
> * Strict-Transport-Security
> * Content-Security-Policy
> *Expected result:* all resources have the tested headers
> *Actual result:* Drillbit Web-UI sends *.ttf and data:image/gif without response headers,
> and some *.woff resources when the user performed logout.
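Added example, not part of the Jira message or of Drill's code: a header audit over a browser HAR export that checks the four headers from the report and sets aside the two cases named in the resolution and the issue title (resources served from the browser cache, and data: URIs) instead of counting them as failures. It assumes a Chrome-style HAR in which cached entries carry a `_fromCache` field; the host `drill.example`, the paths and the sample entries are constructed.

```python
# Added example: audit a HAR export for the four headers tested in DRILL-7646.
REQUIRED = (
    "X-XSS-Protection",
    "X-Content-Type-Options",
    "Strict-Transport-Security",
    "Content-Security-Policy",
)

def classify(entry):
    """Return (verdict, missing) for one HAR entry."""
    url = entry["request"]["url"]
    if url.lower().startswith("data:"):
        # Inline data: URIs are decoded by the browser; no HTTP response exists.
        return "skipped-data-uri", []
    if entry.get("_fromCache"):
        # Assumption: Chrome-style "_fromCache" marker ("memory" or "disk").
        return "skipped-cache", []
    # Header names are case-insensitive, so compare in lower case.
    seen = {h["name"].lower() for h in entry["response"].get("headers", [])}
    missing = [name for name in REQUIRED if name.lower() not in seen]
    return ("fail" if missing else "pass"), missing

def audit(har):
    """Map each requested URL to its (verdict, missing) pair."""
    return {e["request"]["url"]: classify(e) for e in har["log"]["entries"]}

def _headers(*names):
    return [{"name": n, "value": "constructed"} for n in names]

# Constructed sample input (hypothetical host and paths, not captured traffic).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://drill.example/"},
     "response": {"status": 200, "headers": _headers(*REQUIRED)}},
    {"request": {"url": "https://drill.example/static/font.ttf"},
     "_fromCache": "disk",
     "response": {"status": 200, "headers": []}},
    {"request": {"url": "data:image/gif;base64,CONSTRUCTED"},
     "response": {"status": 200, "headers": []}},
    {"request": {"url": "https://drill.example/static/font.woff"},
     "response": {"status": 200,
                  "headers": _headers("x-content-type-options")}},
]}}

if __name__ == "__main__":
    for url, (verdict, missing) in audit(SAMPLE_HAR).items():
        print(f"{verdict:17} {url[:50]} {', '.join(missing)}")
```

An entry reported as `skipped-cache` is not evidence either way; reload with the browser cache disabled and audit the fresh capture before judging that resource.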