Repository: nifi Updated Branches: refs/heads/master fb94990e6 -> ac8e57259
NIFI-3907 Added response headers. Signed-off-by: Andy LoPresto <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/ac8e5725 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/ac8e5725 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/ac8e5725 Branch: refs/heads/master Commit: ac8e57259f8e4d8183d938f46a28f3c73b595940 Parents: fb94990 Author: Matt Gilman <[email protected]> Authored: Tue May 16 11:55:01 2017 -0700 Committer: Andy LoPresto <[email protected]> Committed: Tue May 16 11:55:36 2017 -0700 ---------------------------------------------------------------------- .../org/apache/nifi/web/server/JettyServer.java | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/ac8e5725/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java index 8225892..4fa01a5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java @@ -69,7 +69,14 @@ import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; import javax.servlet.DispatcherType; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.File; import java.io.FileFilter; @@ -463,6 +470,9 @@ public class JettyServer implements NiFiServer { // configure the max form size (3x the default) webappContext.setMaxFormContentSize(600000); + // add a filter to set the X-Frame-Options filter + webappContext.addFilter(new FilterHolder(FRAME_OPTIONS_FILTER), "/*", EnumSet.allOf(DispatcherType.class)); + try { // configure the class loader - webappClassLoader -> jetty nar -> web app's nar -> ... webappContext.setClassLoader(new WebAppClassLoader(parentClassLoader, webappContext)); @@ -883,4 +893,27 @@ public class JettyServer implements NiFiServer { } } + private static final Filter FRAME_OPTIONS_FILTER = new Filter() { + private static final String FRAME_OPTIONS = "X-Frame-Options"; + private static final String SAME_ORIGIN = "SAMEORIGIN"; + + @Override + public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) + throws IOException, ServletException { + + // set frame options accordingly + final HttpServletResponse response = (HttpServletResponse) resp; + response.addHeader(FRAME_OPTIONS, SAME_ORIGIN); + + filterChain.doFilter(req, resp); + } + + @Override + public void init(final FilterConfig config) { + } + + @Override + public void destroy() { + } + }; }
