You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/02/07 00:15:00 UTC

[jira] [Commented] (NIFI-5968) Add standard HTTP security headers

    [ https://issues.apache.org/jira/browse/NIFI-5968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16762256#comment-16762256 ] 

ASF subversion and git services commented on NIFI-5968:
-------------------------------------------------------

Commit f81d6bd63b50c27dc62aabb85a6d864db991c9dd in nifi's branch refs/heads/master from thenatog
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f81d6bd ]

NIFI-5968 - Added the X-XSS-Protection and Strict-Transport-Security HTTP headers using Jetty Filters. Added some tests.
Removed bad test.
Refactored filter creation method.
Ensure HSTS header is only applied if NiFi is secured with HTTPS
Small changes to header array list.
Fixed checkstyle errors.

This closes #3273.

Signed-off-by: Andy LoPresto <al...@apache.org>


> Add standard HTTP security headers
> ----------------------------------
>
>                 Key: NIFI-5968
>                 URL: https://issues.apache.org/jira/browse/NIFI-5968
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Nathan Gough
>            Assignee: Nathan Gough
>            Priority: Major
>          Time Spent: 4h 20m
>  Remaining Estimate: 0h
>
> Some HTTP security headers could be added to improve NiFi security stance.
> These include: Strict-Transport-Security (HSTS), X-XSS-Protection, and Content-Security-Policy.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)