This is an automated email from the ASF dual-hosted git repository.
wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new f94e502c06 AMBARI-25159: http.strict-transport-security change does
not take affect (#3422)
f94e502c06 is described below
commit f94e502c06c1e40baefbb084567f41673b2525fd
Author: Zhiguo Wu <[email protected]>
AuthorDate: Wed Oct 26 00:06:06 2022 +0800
AMBARI-25159: http.strict-transport-security change does not take affect
(#3422)
---
.../apache/ambari/server/configuration/spring/ApiSecurityConfig.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/spring/ApiSecurityConfig.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/spring/ApiSecurityConfig.java
index c551e5e219..06a0ee1bd5 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/spring/ApiSecurityConfig.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/spring/ApiSecurityConfig.java
@@ -89,7 +89,8 @@ public class ApiSecurityConfig extends
WebSecurityConfigurerAdapter{
http.csrf().disable()
.authorizeRequests().anyRequest().authenticated()
.and()
- .headers().frameOptions().disable().and()
+ .headers().httpStrictTransportSecurity().disable()
+ .frameOptions().disable().and()
.exceptionHandling().authenticationEntryPoint(ambariEntryPoint)
.and()
.addFilterBefore(guiceBeansConfig.ambariUserAuthorizationFilter(),
BasicAuthenticationFilter.class)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
