Posted to commits@hive.apache.org by da...@apache.org on 2019/07/17 18:41:31 UTC
[hive] branch master updated: HIVE-21986: HiveServer Web UI:
Setting the Strict-Transport-Security in default response header (Rajkumar
Singh, reviewed by Gopal V)
This is an automated email from the ASF dual-hosted git repository.
daijy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 96dc429 HIVE-21986: HiveServer Web UI: Setting the Strict-Transport-Security in default response header (Rajkumar Singh, reviewed by Gopal V)
96dc429 is described below
commit 96dc42999619a4c313e769e5335f6fbefb3d9167
Author: Daniel Dai <da...@cloudera.com>
AuthorDate: Wed Jul 17 11:41:20 2019 -0700
HIVE-21986: HiveServer Web UI: Setting the Strict-Transport-Security in default response header (Rajkumar Singh, reviewed by Gopal V)
---
common/src/java/org/apache/hive/http/HttpServer.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java
index 35ab7f8..b3ce8da 100644
--- a/common/src/java/org/apache/hive/http/HttpServer.java
+++ b/common/src/java/org/apache/hive/http/HttpServer.java
@@ -113,12 +113,15 @@ public class HttpServer {
public static final String ADMINS_ACL = "admins.acl";
private XFrameOption xFrameOption;
private boolean xFrameOptionIsEnabled;
+ private boolean isSSLEnabled;
public static final String HTTP_HEADER_PREFIX = "hadoop.http.header.";
private static final String X_FRAME_OPTIONS = "X-FRAME-OPTIONS";
static final String X_XSS_PROTECTION =
"X-XSS-Protection:1; mode=block";
static final String X_CONTENT_TYPE_OPTIONS =
"X-Content-Type-Options:nosniff";
+ static final String STRICT_TRANSPORT_SECURITY =
+ "Strict-Transport-Security:max-age=31536000; includeSubDomains";
private static final String HTTP_HEADER_REGEX =
"hadoop\\.http\\.header\\.([a-zA-Z\\-_]+)";
private static final Pattern PATTERN_HTTP_HEADER_REGEX =
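Review bot: The new `STRICT_TRANSPORT_SECURITY` constant hard-codes `includeSubDomains` with a one-year `max-age`, and HSTS is scoped to the host name rather than the port. A browser that has loaded this UI over TLS will therefore refuse plain-HTTP access to every other service on the same host and its subdomains for a year, which is slow to undo if any of those UIs are still served over HTTP. Consider dropping `includeSubDomains` from the default, or at least documenting the scope above the constant, e.g. `// HSTS binds the whole host name (all ports); includeSubDomains extends it to child domains`. Whether an operator can override this default through a `hadoop.http.header.*` property is not visible in this hunk.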
@@ -137,6 +140,7 @@ public class HttpServer {
private HttpServer(final Builder b) throws IOException {
this.name = b.name;
this.xFrameOptionIsEnabled = b.xFrameEnabled;
+ this.isSSLEnabled = b.useSSL;
this.xFrameOption = b.xFrameOption;
createWebServer(b);
}
@@ -675,6 +679,10 @@ public class HttpServer {
splitVal = X_XSS_PROTECTION.split(":");
headers.put(HTTP_HEADER_PREFIX + splitVal[0],
splitVal[1]);
+ if(this.isSSLEnabled){
+ splitVal = STRICT_TRANSPORT_SECURITY.split(":");
+ headers.put(HTTP_HEADER_PREFIX + splitVal[0],splitVal[1]);
+ }
return headers;
}
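Review bot: The added `if(this.isSSLEnabled)` branch has no comment saying why the header is conditional, and it is formatted differently from the surrounding code. I would add `// HSTS is only honoured on TLS responses, so emit it only when this server itself terminates TLS` above it and write the condition as `if (this.isSSLEnabled) {`. The gate follows the builder's `useSSL` flag, so a deployment that terminates TLS at a reverse proxy in front of this server will not get the header from here and has to set it on the proxy. Using `STRICT_TRANSPORT_SECURITY.split(":", 2)` would also keep the value intact if a later default ever contains a colon. The enclosing method starts outside this hunk.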