Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/05/23 11:17:00 UTC

[jira] [Commented] (NIFI-11558) Apply Security Headers to All Responses from Registry

    [ https://issues.apache.org/jira/browse/NIFI-11558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725367#comment-17725367 ] 

ASF subversion and git services commented on NIFI-11558:
--------------------------------------------------------

Commit 5bbde66f14d8ebd25a519fd130c7a43e4e1789b0 in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=5bbde66f14 ]

NIFI-11558 Applied Security Headers to All Registry Responses

- Refactored Registry Filters to shared HeaderWriterHandler
- Refactored Registry Jetty Server with delegated HandlerProvider

Signed-off-by: Joe Gresock <jg...@gmail.com>

This closes #7258.


> Apply Security Headers to All Responses from Registry
> -----------------------------------------------------
>
>                 Key: NIFI-11558
>                 URL: https://issues.apache.org/jira/browse/NIFI-11558
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: NiFi Registry, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>             Fix For: 1.latest, 2.latest
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> NiFi Registry has a common set of filters that apply several standard security-related HTTP headers to responses. The Jetty Server configuration applies these headers to the Registry API and UI applications, but requests to the root path do not return these headers, which can be misleading to some automated security scanners. For a consistent approach, the security-related headers should be applied using a Jetty Handler that works for all requests and responses.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
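
The coverage gap described in the issue, reproduced locally as an added example (not code from NiFi Registry or from the commit): a loopback server writes headers either only under application context paths or on every response, and a check reports which probed paths lack them. The header set, the context paths and the probe paths are assumptions, since the issue does not list them.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
# Assumed header set: the issue does not list the headers Registry writes.
REQUIRED = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "frame-ancestors 'self'",
}
# Assumed context paths standing in for the Registry UI and API applications.
APP_PREFIXES = ("/nifi-registry-api", "/nifi-registry")
# Constructed probes: root, both applications, and an unmapped path.
PROBES = ("/", "/nifi-registry/", "/nifi-registry-api/buckets", "/missing")

def make_handler(all_responses):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            in_app = self.path.startswith(APP_PREFIXES)
            self.send_response(200 if in_app else 404)
            # Filter model: app contexts only. Handler model: every response.
            if all_responses or in_app:
                for name, value in REQUIRED.items():
                    self.send_header(name, value)
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def missing_headers(host, port, paths):
    """Return {path: [absent header names]} for every path with a gap."""
    gaps = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        absent = [name for name in REQUIRED if resp.getheader(name) is None]
        conn.close()
        if absent:
            gaps[path] = absent
    return gaps

def audit(all_responses, paths=PROBES):
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(all_responses))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return missing_headers("127.0.0.1", server.server_port, paths)
    finally:
        server.shutdown()
        server.server_close()
```

`audit(False)` models the filter-scoped behaviour and reports the root and unmapped paths; `audit(True)` models headers written for all responses and reports nothing.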