You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Nitin Galave (Jira)" <ji...@apache.org> on 2021/10/11 12:07:00 UTC
[jira] [Updated] (RANGER-3443) "X-Permitted-Cross-Domain-Policies"
header not set by Ranger UI
[ https://issues.apache.org/jira/browse/RANGER-3443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nitin Galave updated RANGER-3443:
---------------------------------
Attachment: 0001-RANGER-3443.patch
> "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI
> ---------------------------------------------------------------
>
> Key: RANGER-3443
> URL: https://issues.apache.org/jira/browse/RANGER-3443
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Nitin Galave
> Assignee: Nitin Galave
> Priority: Major
> Attachments: 0001-RANGER-3443.patch
>
>
> Ranger does not return "X-Permitted-Cross-Domain-Policies" response header. OWASP best practices suggest explicitly setting this header to "none":
> {code:java}
> X-Permitted-Cross-Domain-Policies: none{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)