This is an automated email from the ASF dual-hosted git repository.
vel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 10c8555 RANGER-3171 : Ranger ui became broken after logout in Firefox.
10c8555 is described below
commit 10c8555055579b34f18088a26949eb1254c0e914
Author: Dhaval Rajpara <[email protected]>
AuthorDate: Fri Feb 19 01:52:38 2021 +0530
RANGER-3171 : Ranger ui became broken after logout in Firefox.
Signed-off-by: Velmurugan Periasamy <[email protected]>
---
.../security/web/filter/RangerSecurityContextFormationFilter.java | 1 +
security-admin/src/main/webapp/login.jsp | 4 ++++
2 files changed, 5 insertions(+)
diff --git
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 6cc3a81..c508579 100644
---
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -133,6 +133,7 @@ public class RangerSecurityContextFormationFilter extends
GenericFilterBean {
context.setUserSession(userSession);
}
HttpServletResponse res = (HttpServletResponse)response;
+ res.setHeader("Cache-Control", "no-cache, no-store,
max-age=0, must-revalidate");
res.setHeader("X-Frame-Options", "DENY" );
res.setHeader("X-XSS-Protection", "1; mode=block");
res.setHeader("Strict-Transport-Security",
"max-age=31536000; includeSubDomains");
diff --git a/security-admin/src/main/webapp/login.jsp
b/security-admin/src/main/webapp/login.jsp
index e61278d..df234ef 100644
--- a/security-admin/src/main/webapp/login.jsp
+++ b/security-admin/src/main/webapp/login.jsp
@@ -57,6 +57,10 @@
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("Content-Security-Policy", "default-src 'none';
script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src
'self'; style-src 'self' 'unsafe-inline';font-src 'self'");
response.setHeader("Strict-Transport-Security", "max-age=31536000;
includeSubDomains");
+ // Delete browser cache in firefox environment
+ response.setHeader("Cache-Control", "no-cache, no-store,
max-age=0, must-revalidate"); // HTTP 1.1.
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Expires", "0");
%>
<!-- Page content
================================================== -->