You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Zhiguo Wu (Jira)" <ji...@apache.org> on 2022/10/25 16:12:00 UTC

[jira] [Updated] (AMBARI-25159) http.strict-transport-security change does not take affect in 2.7.x

     [ https://issues.apache.org/jira/browse/AMBARI-25159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhiguo Wu updated AMBARI-25159:
-------------------------------
    Fix Version/s: 2.8.0

> http.strict-transport-security change does not take affect in 2.7.x
> -------------------------------------------------------------------
>
>                 Key: AMBARI-25159
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25159
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.3
>            Reporter: amarnath reddy pappu
>            Assignee: Papirkovskyy Myroslav
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0, 2.7.4
>
>          Time Spent: 3h 20m
>  Remaining Estimate: 0h
>
> Updating the below configurations does not take affect in Ambari 2.7.x version
> {noformat}
> http.strict-transport-security=max-age=0
> views.http.strict-transport-security=max-age=0
> {noformat}
> After setting the above configurations still API response gives below max-age headers.
> {noformat}
> Strict-Transport-Security: max-age=31536000 ; includeSubDomains
> {noformat}
> I see AmbariServerSecurityHeaderFilter.java setting the correctly defined params but later somehow it is going to default value.
> This works fine in 2.6.x versions.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ambari.apache.org
For additional commands, e-mail: issues-help@ambari.apache.org