Posted to commits@zeppelin.apache.org by mo...@apache.org on 2017/09/29 03:45:43 UTC

svn commit: r1810050 - in /zeppelin/site/docs/0.8.0-SNAPSHOT: development/ displaysystem/ install/ manual/ quickstart/ rest-api/ security/ setup/security/ storage/

Author: moon
Date: Fri Sep 29 03:45:43 2017
New Revision: 1810050

URL: http://svn.apache.org/viewvc?rev=1810050&view=rev
Log:
Remove unnecessary files, add missing file

Added:
    zeppelin/site/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html
Removed:
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/howtocontribute.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/howtocontributewebsite.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/writingzeppelinapplication.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/writingzeppelininterpreter.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/writingzeppelinspell.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/writingzeppelinvisualization.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/development/writingzeppelinvisualization_transformation.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/displaysystem/
    zeppelin/site/docs/0.8.0-SNAPSHOT/install/
    zeppelin/site/docs/0.8.0-SNAPSHOT/manual/
    zeppelin/site/docs/0.8.0-SNAPSHOT/quickstart/explorezeppelinui.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/quickstart/install_with_flink_and_spark_cluster.html
    zeppelin/site/docs/0.8.0-SNAPSHOT/rest-api/
    zeppelin/site/docs/0.8.0-SNAPSHOT/security/
    zeppelin/site/docs/0.8.0-SNAPSHOT/storage/

Added: zeppelin/site/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html
URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html?rev=1810050&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html (added)
+++ zeppelin/site/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html Fri Sep 29 03:45:43 2017
@@ -0,0 +1,364 @@
+
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Apache Zeppelin 0.8.0-SNAPSHOT Documentation: Setting up HTTP Response Headers</title>
+    <meta name="description" content="There are multiple HTTP Security Headers which can be configured in Apache Zeppelin. This page describes how to enable them by providing appropriate value in Zeppelin configuration file.">
+    <meta name="author" content="The Apache Software Foundation">
+
+    <!-- Enable responsive viewport -->
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+    <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+    <!--[if lt IE 9]>
+    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+
+    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
+
+    <!-- Le styles -->
+    <link href="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet">
+    <link href="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css">
+    <link href="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/css/syntax.css" rel="stylesheet"  type="text/css" media="screen" /> 
+    <!-- Le fav and touch icons -->
+    <!-- Update these with your own images
+    <link rel="shortcut icon" href="images/favicon.ico">
+    <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+    <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png">
+    <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png">
+    -->
+
+    <!-- Js -->
+    <script src="https://code.jquery.com/jquery-1.10.2.min.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/js/docs.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/js/anchor.min.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/js/toc.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/js/lunr.min.js"></script>
+    <script src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/js/search.js"></script>    
+
+    <!-- atom & rss feed -->
+    <link href="/docs/0.8.0-SNAPSHOT/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed">
+    <link href="/docs/0.8.0-SNAPSHOT/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed">
+  </head>
+
+  <body>
+    
+        <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+      <div class="container navbar-container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="sr-only">Toggle navigation</span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <div class="navbar-brand">
+            <a class="navbar-brand-main" href="http://zeppelin.apache.org">
+              <img src="/docs/0.8.0-SNAPSHOT/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+                   style="margin-top: -2px;" alt="I'm zeppelin">
+              <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+              <a class="navbar-brand-version" href="/docs/0.8.0-SNAPSHOT"
+                 style="font-size: 15px; color: white;"> 0.8.0-SNAPSHOT
+              </a>
+            </a>
+          </div>
+        </div>
+        <nav class="navbar-collapse collapse" role="navigation">
+          <ul class="nav navbar-nav">
+            <li>
+              <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a>
+              <ul class="dropdown-menu">
+                <li class="title"><span>Getting Started</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/install.html">Install</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/explore_ui.html">Explore UI</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/tutorial.html">Tutorial</a></li>
+                <li role="separator" class="divider"></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li>
+              </ul>
+            </li>
+
+            <li>
+              <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a>
+              <ul class="dropdown-menu scrollable-menu">
+                <li class="title"><span>Dynamic Form</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Display System</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/basic.html#text">Text Display</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/basic.html#html">HTML Display</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/basic.html#table">Table Display</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/basic.html#network">Network</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Interpreter</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/overview.html">Overview</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/user_impersonation.html">User Impersonation</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/dependency_management.html">Dependency Management</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/installation.html">Installing Interpreters</a></li>
+                <!--<li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>-->
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Other Features</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/other_features/personalized_mode.html">Personalized Mode</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>REST API</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/interpreter.html">Interpreter API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/notebook.html">Notebook API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/configuration.html">Configuration API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/credential.html">Credential API</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/rest_api/helium.html">Helium API</a></li>
+              </ul>
+            </li>
+
+            <li>
+              <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a>
+              <ul class="dropdown-menu scrollable-menu">
+                <li class="title"><span>Basics</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/basics/how_to_build.html">How to Build Zeppelin</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/basics/multi_user_support.html">Multi-user Support</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Deployment</span></li>
+                <!--<li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>-->
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/cdh.html">Zeppelin on CDH</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Security</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/security/shiro_authentication.html">Shiro Authentication</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/security/notebook_authorization.html">Notebook Authorization</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/security/datasource_authorization.html">Data Source Authorization</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/security/http_security_headers.html">HTTP Security Headers</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Notebook Storage</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Operation</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/operation/configuration.html">Configuration</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/operation/upgrading.html">Upgrading</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/operation/trouble_shooting.html">Trouble Shooting</a></li>
+              </ul>
+            </li>
+
+            <li>
+              <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+              <ul class="dropdown-menu scrollable-menu">
+                <li class="title"><span>Interpreters</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/usage/interpreter/overview.html">Overview</a></li>
+                <li role="separator" class="divider"></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/spark.html">Spark</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/jdbc.html">JDBC</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/python.html">Python</a></li>
+                <li role="separator" class="divider"></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/alluxio.html">Alluxio</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/beam.html">Beam</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/bigquery.html">BigQuery</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/cassandra.html">Cassandra</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/elasticsearch.html">Elasticsearch</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/flink.html">Flink</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/geode.html">Geode</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/groovy.html">Groovy</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/hbase.html">HBase</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/hdfs.html">HDFS</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/hive.html">Hive</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/ignite.html">Ignite</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/kylin.html">Kylin</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/lens.html">Lens</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/livy.html">Livy</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/markdown.html">Markdown</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/pig.html">Pig</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/r.html">R</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/scalding.html">Scalding</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/scio.html">Scio</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/interpreter/shell.html">Shell</a></li>
+              </ul>
+            </li>
+            <li>
+              <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a>
+              <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;">
+                <li class="title"><span>Extending Zeppelin</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Helium (Experimental)</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/helium/overview.html">Overview</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/helium/writing_application.html">Writing Helium Application</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/helium/writing_spell.html">Writing Helium Spell</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/helium/writing_visualization_basics.html">Writing Helium Visualization: Basics</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>Contributing to Zeppelin</span></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/setup/basics/how_to_build.html">How to Build Zeppelin</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li>
+                <li><a href="/docs/0.8.0-SNAPSHOT/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li>
+                <li role="separator" class="divider"></li>
+                <li class="title"><span>External Resources</span></li>
+                <li><a target="_blank" href="">Mailing List</a></li>
+                <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+                <li><a target="_blank" href="">Stackoverflow Questions about Zeppelin</a></li>
+              </ul>
+            </li>
+            <li>
+              <a href="/docs/0.8.0-SNAPSHOT/search.html" class="nav-search-link">
+                <span class="fa fa-search nav-search-icon"></span>
+              </a>
+            </li>
+          </ul>
+        </nav><!--/.navbar-collapse -->
+      </div>
+    </div>
+
+
+    <div class="content">
+      
+<!--<div class="hero-unit Setting up HTTP Response Headers">
+  <h1></h1>
+</div>
+-->
+
+<div class="row">
+  <div class="col-md-12">
+    <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Setting up HTTP Response Headers for Zeppelin</h1>
+
+<div id="toc"></div>
+
+<p>Apache Zeppelin can be configured to include HTTP Headers which aids in preventing Cross Site Scripting (XSS), Cross-Frame Scripting (XFS) and also enforces HTTP Strict Transport Security. Apache Zeppelin also has configuration available to set the Application Server Version to desired value.</p>
+
+<h2>Setting up HTTP Strict Transport Security (HSTS) Response Header</h2>
+
+<p>Enabling HSTS Response Header prevents Man-in-the-middle attacks by automatically redirecting HTTP requests to HTTPS when Zeppelin Server is running on SSL. Read on how to configure SSL for Zeppelin <a href="../operation/configuration.html">here</a>. Even if web page contains any resource which gets served over HTTP or any HTTP links, it will automatically be redirected to HTTPS for the target domain. 
+It also prevents MITM attack by not allowing User to override the invalid certificate message, when Attacker presents invalid SSL certificate to the User.  </p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in order to enable HSTS. You can choose appropriate value for &quot;max-age&quot;.</p>
+<div class="highlight"><pre><code class="text language-text" data-lang="text">&lt;property&gt;
+  &lt;name&gt;zeppelin.server.strict.transport&lt;/name&gt;
+  &lt;value&gt;max-age=631138519&lt;/value&gt;
+  &lt;description&gt;The HTTP Strict-Transport-Security response header is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. Enable this when Zeppelin is running on HTTPS. Value is in Seconds, the default value is equivalent to 20 years.&lt;/description&gt;
+&lt;/property&gt;
+</code></pre></div>
+<p>Possible values are:</p>
+
+<ul>
+<li>max-age=&lt;expire-time&gt;</li>
+<li>max-age=&lt;expire-time&gt;; includeSubDomains</li>
+<li>max-age=&lt;expire-time&gt;; preload</li>
+</ul>
+
+<p>Read more about HSTS <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">here</a>.</p>
+
+<h2>Setting up X-XSS-PROTECTION Header</h2>
+
+<p>The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari Web browsers that initiates configured action when they detect reflected cross-site scripting (XSS) attacks.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in order to set X-XSS-PROTECTION header. </p>
+<div class="highlight"><pre><code class="text language-text" data-lang="text">&lt;property&gt;
+  &lt;name&gt;zeppelin.server.xxss.protection&lt;/name&gt;
+  &lt;value&gt;1; mode=block&lt;/value&gt;
+  &lt;description&gt;The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. When value is set to 1 and a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).&lt;/description&gt;
+&lt;/property&gt;
+</code></pre></div>
+<p>You can choose appropriate value from below.</p>
+
+<ul>
+<li>0  (Disables XSS filtering)</li>
+<li>1  (Enables XSS filtering. If a cross-site scripting attack is detected, the browser will sanitize the page.)</li>
+<li>1; mode=block  (Enables XSS filtering. The browser will prevent rendering of the page if an attack is detected.)</li>
+</ul>
+
+<p>Read more about HTTP X-XSS-Protection response header <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection">here</a>.</p>
+
+<h2>Setting up X-Frame-Options Header</h2>
+
+<p>The X-Frame-Options HTTP response header can indicate browser to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites in a <code>&lt;frame&gt;</code>,<code>&lt;iframe&gt;</code> or <code>&lt;object&gt;</code>.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in order to set X-Frame-Options header.</p>
+<div class="highlight"><pre><code class="text language-text" data-lang="text">&lt;property&gt;
+  &lt;name&gt;zeppelin.server.xframe.options&lt;/name&gt;
+  &lt;value&gt;SAMEORIGIN&lt;/value&gt;
+  &lt;description&gt;The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame/iframe/object.&lt;/description&gt;
+&lt;/property&gt;
+</code></pre></div>
+<p>You can choose appropriate value from below.</p>
+
+<ul>
+<li>DENY</li>
+<li>SAMEORIGIN</li>
+<li>ALLOW-FROM <em>uri</em></li>
+</ul>
+
+<h2>Setting up Server Header</h2>
+
+<p>Security conscious organisations does not want to reveal the Application Server name and version to prevent finding this information easily by Attacker while fingerprinting the Application. The exact version number can tell an Attacker if the current Application Server is patched for or vulnerable to certain publicly known CVE associated to it.</p>
+
+<p>The following property needs to be updated in the zeppelin-site.xml in order to set Server header.</p>
+<div class="highlight"><pre><code class="text language-text" data-lang="text">&lt;property&gt;
+    &lt;name&gt;zeppelin.server.jetty.name&lt;/name&gt;
+    &lt;value&gt;Jetty(7.6.0.v20120127)&lt;/value&gt;
+    &lt;description&gt;Hardcoding Application Server name to Prevent Fingerprinting&lt;/description&gt;
+&lt;/property&gt;
+</code></pre></div>
+<p>The value can be any &quot;String&quot;.</p>
+
+  </div>
+</div>
+
+
+      <hr>
+      <footer>
+        <!-- <p>&copy; 2017 The Apache Software Foundation</p>-->
+      </footer>
+    </div>
+
+    
+
+
+  <script type="text/javascript">
+  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+  ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+  ga('require', 'linkid', 'linkid.js');
+  ga('send', 'pageview');
+
+</script>
+
+
+
+  </body>
+</html>
+
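Review bot: The HSTS section says the header "prevents Man-in-the-middle attacks by automatically redirecting HTTP requests to HTTPS" but omits the limits an operator needs to know before setting `zeppelin.server.strict.transport`. Browsers only honour Strict-Transport-Security when it arrives over HTTPS without certificate errors, and the upgrade is performed by the browser rather than by Zeppelin, so a first visit over plain HTTP is still unprotected unless the domain is preloaded. The sample `max-age=631138519` pins clients for roughly 20 years and `includeSubDomains` extends that to every subdomain, so I would add a sentence such as `Start with a short max-age and raise it once every host under the domain serves HTTPS; a cached policy can only be cleared by serving max-age=0 over working HTTPS.` The standalone `max-age=<expire-time>; preload` entry probably also needs `includeSubDomains` to be accepted by browser preload lists, which is worth confirming before listing it as an option. Separately, the sample description for `zeppelin.server.xxss.protection` describes sanitising (value `1`) while the sample value is `1; mode=block`, which blocks rendering instead.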