Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/16 11:49:30 UTC

[ranger] 02/02: RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit a06bc6327ddfa26c97b20c372c9be65f961e58ab
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Mon Oct 11 17:35:21 2021 +0530

    RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../ranger/security/web/filter/RangerSecurityContextFormationFilter.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index c508579..9f83daf 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -138,6 +138,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean {
 			res.setHeader("X-XSS-Protection", "1; mode=block");
 			res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
 			res.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'");
+			res.setHeader("X-Permitted-Cross-Domain-Policies", "none");
 			chain.doFilter(request, res);
 
 		} finally {
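Review bot: The added `res.setHeader("X-Permitted-Cross-Domain-Policies", "none");` only applies to responses that reach this point of the filter, just before `chain.doFilter(request, res)`. Anything answered by an earlier filter or served outside this filter's URL mapping (possibly the login page, static UI assets or error responses; not visible here) would still lack the header. Since the ticket is about the header missing from the Ranger UI, it is worth checking the response headers on those paths and adding a filter test that asserts the header is present. A short comment would also help the next reader, e.g. `// "none": clients such as Flash/Acrobat must not honor any cross-domain policy file served from this host`. The enclosing method starts and ends outside the hunk, so whether this block runs unconditionally cannot be told from here.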