Posted to commits@ranger.apache.org by me...@apache.org on 2020/03/24 11:30:29 UTC
[ranger] branch master updated: RANGER-2744 : Add response header in login.jsp page
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f6ae204 RANGER-2744 : Add response header in login.jsp page
f6ae204 is described below
commit f6ae204704c5e717aaf7d06e05af5534a2ce503a
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Fri Mar 20 14:22:52 2020 +0530
RANGER-2744 : Add response header in login.jsp page
Signed-off-by: Mehul Parikh <me...@apache.org>
---
security-admin/src/main/webapp/login.jsp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security-admin/src/main/webapp/login.jsp b/security-admin/src/main/webapp/login.jsp
index c5e80d1..570ab75 100644
--- a/security-admin/src/main/webapp/login.jsp
+++ b/security-admin/src/main/webapp/login.jsp
@@ -56,6 +56,9 @@
<body class="login" style="">
<%
response.setHeader("X-Frame-Options", "DENY");
+ response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("X-XSS-Protection", "1; mode=block");
+ response.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'");
%>
<!-- Page content
================================================== -->
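Review bot: In the added Content-Security-Policy line, script-src allows both 'unsafe-inline' and 'unsafe-eval', so the policy does not block injected inline script or eval-based sinks on the login page, which leaves little XSS protection beyond restricting script origins to 'self'. If the page's scripts can be served as files from 'self' (or given a nonce), drop both keywords. The policy also omits form-action, base-uri and frame-ancestors, none of which fall back to default-src; for a login form, adding form-action 'self' and base-uri 'self' would be worthwhile. Separately, the setHeader calls sit in a scriptlet after the <body> tag has already been written, so they only take effect while the response is still buffered and uncommitted; setting them at the top of the JSP or in a servlet filter would remove that dependency and would also cover responses other than login.jsp. Minor: the missing space before font-src in "'unsafe-inline';font-src 'self'" is inconsistent with the rest of the policy string.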