Posted to commits@airflow.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/01/01 20:59:00 UTC

[jira] [Commented] (AIRFLOW-6353) security - ui - add click jacking defence

    [ https://issues.apache.org/jira/browse/AIRFLOW-6353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17006481#comment-17006481 ] 

ASF GitHub Bot commented on AIRFLOW-6353:
-----------------------------------------

tooptoop4 commented on pull request #6995: [AIRFLOW-6353] security - ui - add click jacking defence
URL: https://github.com/apache/airflow/pull/6995
 
 
   - [X] Description above provides context of the change
   - [X] Commit message contains [\[AIRFLOW-6353\]](https://issues.apache.org/jira/browse/AIRFLOW-6353) or `[AIRFLOW-XXXX]` for document-only changes
   - [X] Unit tests coverage for changes (not needed for documentation changes)
   - [X] Commits follow "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)"
   - [X] Relevant documentation is updated including usage instructions.
   - [X] I will engage committers as explained in [Contribution Workflow Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example).
   
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   Read the [Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines) for more information.
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> security - ui - add click jacking defence
> -----------------------------------------
>
>                 Key: AIRFLOW-6353
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6353
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>    Affects Versions: 1.10.3
>            Reporter: t oo
>            Assignee: t oo
>            Priority: Major
>
> www/app.py Add Click jacking defence
>  
> Fix:
> at the end of
> def create_app(config=None, testing=False):
>     @app.after_request
>     def apply_caching(response):
>         response.headers["X-Frame-Options"] = "DENY"
>         return response



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
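
The header proposed in the issue can also be enforced and checked at the WSGI layer, independent of Flask. The following is an added example, not code from the Airflow pull request: a standard-library middleware that forces a single `X-Frame-Options: DENY` on every response, plus a helper that classifies a response's framing policy. The names `DenyFraming`, `framing_policy`, `call` and both sample apps are constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

HEADER = "x-frame-options"


class DenyFraming:
    """WSGI middleware: every response leaves with exactly one X-Frame-Options: DENY."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # Header names are case-insensitive; drop whatever the app set upstream.
            kept = [(k, v) for k, v in headers if k.lower() != HEADER]
            kept.append(("X-Frame-Options", "DENY"))
            return start_response(status, kept, exc_info)
        return self.app(environ, patched)


def framing_policy(headers):
    """Classify a header list as 'deny', 'sameorigin', 'missing' or 'invalid'."""
    values = {v.strip().upper() for k, v in headers if k.lower() == HEADER}
    if not values:
        return "missing"
    if values == {"DENY"}:
        return "deny"
    if values == {"SAMEORIGIN"}:
        return "sameorigin"
    return "invalid"  # unknown or mutually conflicting values


def call(app, path="/admin/"):
    """Run one request through a WSGI app; return (status, headers, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, list(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


# Constructed sample apps: one sends no framing header, one sends a bogus value.
def plain_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<h1>DAGs</h1>"]

def legacy_app(environ, start_response):
    start_response("200 OK", [("x-frame-options", "ALLOWALL")])
    return [b"ok"]
```

In a Flask application the same wrapper attaches with `app.wsgi_app = DenyFraming(app.wsgi_app)`.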