You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/05/17 01:40:00 UTC

[jira] [Created] (NIFI-11558) Apply Security Headers to All Responses from Registry

David Handermann created NIFI-11558:
---------------------------------------

             Summary: Apply Security Headers to All Responses from Registry
                 Key: NIFI-11558
                 URL: https://issues.apache.org/jira/browse/NIFI-11558
             Project: Apache NiFi
          Issue Type: Improvement
          Components: NiFi Registry, Security
            Reporter: David Handermann
            Assignee: David Handermann


NiFi Registry has a common set of filters that apply several standard security-related HTTP headers to responses. The Jetty Server configuration applies these headers to the Registry API and UI applications, but requests to the root path do not return these headers, which can be misleading to some automated security scanners. For a consistent approach, the security-related headers should be applied using a Jetty Handler that works for all requests and responses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)