You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Nitin Galave (Jira)" <ji...@apache.org> on 2021/10/11 12:07:00 UTC

[jira] [Updated] (RANGER-3443) "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI

     [ https://issues.apache.org/jira/browse/RANGER-3443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nitin Galave updated RANGER-3443:
---------------------------------
    Attachment: 0001-RANGER-3443.patch

> "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI
> ---------------------------------------------------------------
>
>                 Key: RANGER-3443
>                 URL: https://issues.apache.org/jira/browse/RANGER-3443
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Nitin Galave
>            Assignee: Nitin Galave
>            Priority: Major
>         Attachments: 0001-RANGER-3443.patch
>
>
> Ranger does not return "X-Permitted-Cross-Domain-Policies" response header. OWASP best practices suggest explicitly setting this header to "none":
> {code:java}
> X-Permitted-Cross-Domain-Policies: none{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)