Posted to reviews@kudu.apache.org by "Todd Lipcon (Code Review)" <ge...@cloudera.org> on 2017/03/03 00:07:30 UTC
[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Todd Lipcon has uploaded a new change for review.
http://gerrit.cloudera.org:8080/6233
Change subject: webserver: add X-Frame-Options header
......................................................................
webserver: add X-Frame-Options header
This adds a default 'DENY' header in order to prevent Kudu web pages
from being put into cross-domain iframes. This can prevent clickjacking
attacks, and is generally considered a good idea for web security.
See: https://www.owasp.org/index.php/Clickjacking
Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Reviewed-on: http://gerrit.cloudera.org:8080/6215
Tested-by: Kudu Jenkins
Reviewed-by: Dan Burkert <da...@apache.org>
(cherry picked from commit f6a1a60760296e7014d5d7b04ce68d0835721da8)
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
M src/kudu/util/curl_util.cc
M src/kudu/util/curl_util.h
4 files changed, 29 insertions(+), 12 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/33/6233/1
--
To view, visit http://gerrit.cloudera.org:8080/6233
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.
Change subject: webserver: add X-Frame-Options header
......................................................................
Patch Set 1: Code-Review+2
--
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No
[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has submitted this change and it was merged.
Change subject: webserver: add X-Frame-Options header
......................................................................
webserver: add X-Frame-Options header
This adds a default 'DENY' header in order to prevent Kudu web pages
from being put into cross-domain iframes. This can prevent clickjacking
attacks, and is generally considered a good idea for web security.
See: https://www.owasp.org/index.php/Clickjacking
Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Reviewed-on: http://gerrit.cloudera.org:8080/6215
Tested-by: Kudu Jenkins
Reviewed-by: Dan Burkert <da...@apache.org>
(cherry picked from commit f6a1a60760296e7014d5d7b04ce68d0835721da8)
Reviewed-on: http://gerrit.cloudera.org:8080/6233
Reviewed-by: Todd Lipcon <to...@apache.org>
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
M src/kudu/util/curl_util.cc
M src/kudu/util/curl_util.h
4 files changed, 29 insertions(+), 12 deletions(-)
Approvals:
Todd Lipcon: Looks good to me, approved
Kudu Jenkins: Verified
--
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>