You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Gopal V (JIRA)" <ji...@apache.org> on 2019/07/11 00:58:00 UTC
[jira] [Commented] (HIVE-21986) HiveServer Web UI: Setting the
Strict-Transport-Security in default response header
[ https://issues.apache.org/jira/browse/HIVE-21986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16882552#comment-16882552 ]
Gopal V commented on HIVE-21986:
--------------------------------
This is an HTTPS-only flag - the header set doesn't seem to confirm if SSL is enabled?
> HiveServer Web UI: Setting the Strict-Transport-Security in default response header
> -----------------------------------------------------------------------------------
>
> Key: HIVE-21986
> URL: https://issues.apache.org/jira/browse/HIVE-21986
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 3.1.1
> Reporter: Rajkumar Singh
> Assignee: Rajkumar Singh
> Priority: Major
> Attachments: HIVE-21986.patch
>
>
> Currently, HiveServer UI HTTP response header doesn't have Strict-Transport-Security set so will be adding this to default header.
> expected response after patch:
> {code:java}
> HTTP/1.1 200 OK
> Date: Wed, 10 Jul 2019 22:47:34 GMT
> Content-Type: text/html;charset=utf-8
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> X-Content-Type-Options: nosniff
> X-FRAME-OPTIONS: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Set-Cookie: JSESSIONID=fby9p6p5olb12xui7kj93uys;Path=/;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3824
> Server: Jetty(9.3.25.v20180904)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)