You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by ma...@apache.org on 2018/03/17 17:33:10 UTC
atlas git commit: ATLAS-2500: added additional headers in HTTP
response
Repository: atlas
Updated Branches:
refs/heads/master 809a99c8a -> 1927b32b9
ATLAS-2500: added additional headers in HTTP response
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/1927b32b
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/1927b32b
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/1927b32b
Branch: refs/heads/master
Commit: 1927b32b95017ee49629978c85523bd02a0085f9
Parents: 809a99c
Author: nixonrodrigues <ni...@apache.org>
Authored: Wed Mar 14 23:58:51 2018 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Mar 17 10:21:03 2018 -0700
----------------------------------------------------------------------
.../org/apache/atlas/web/filters/AtlasAuthenticationFilter.java | 3 +++
.../atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java | 4 ++++
2 files changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/atlas/blob/1927b32b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
index 249b51b..27b817c 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java
@@ -346,6 +346,9 @@ public class AtlasAuthenticationFilter extends AuthenticationFilter {
HttpServletResponse httpResponse = (HttpServletResponse) response;
AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
responseWrapper.setHeader("X-Frame-Options", "DENY");
+ responseWrapper.setHeader("X-Content-Type-Options", "nosniff");
+ responseWrapper.setHeader("X-XSS-Protection", "1; mode=block");
+ responseWrapper.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
if (headerProperties != null) {
for (String headerKey : headerProperties.stringPropertyNames()) {
http://git-wip-us.apache.org/repos/asf/atlas/blob/1927b32b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
index 686396d..8bac8c6 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasKnoxSSOAuthenticationFilter.java
@@ -137,6 +137,10 @@ public class AtlasKnoxSSOAuthenticationFilter implements Filter {
AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
responseWrapper.setHeader("X-Frame-Options", "DENY");
+ responseWrapper.setHeader("X-Content-Type-Options", "nosniff");
+ responseWrapper.setHeader("X-XSS-Protection", "1; mode=block");
+ responseWrapper.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+
if (!ssoEnabled) {
filterChain.doFilter(servletRequest, servletResponse);