You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/05/17 01:40:00 UTC
[jira] [Created] (NIFI-11558) Apply Security Headers to All Responses from Registry
David Handermann created NIFI-11558:
---------------------------------------
Summary: Apply Security Headers to All Responses from Registry
Key: NIFI-11558
URL: https://issues.apache.org/jira/browse/NIFI-11558
Project: Apache NiFi
Issue Type: Improvement
Components: NiFi Registry, Security
Reporter: David Handermann
Assignee: David Handermann
NiFi Registry has a common set of filters that apply several standard security-related HTTP headers to responses. The Jetty Server configuration applies these headers to the Registry API and UI applications, but requests to the root path do not return these headers, which can be misleading to some automated security scanners. For a consistent approach, the security-related headers should be applied using a Jetty Handler that works for all requests and responses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)