This is an automated email from the ASF dual-hosted git repository.

ni3galave pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 8eb8a1bae8ee57055f66e0344a24aca1750f95d9
Author: Nitin Galave <[email protected]>
AuthorDate: Mon Oct 11 17:35:21 2021 +0530

    RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger 
UI
---
 .../ranger/security/web/filter/RangerSecurityContextFormationFilter.java | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index c508579..9f83daf 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -138,6 +138,7 @@ public class RangerSecurityContextFormationFilter extends 
GenericFilterBean {
                        res.setHeader("X-XSS-Protection", "1; mode=block");
                        res.setHeader("Strict-Transport-Security", 
"max-age=31536000; includeSubDomains");
                        res.setHeader("Content-Security-Policy", "default-src 
'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; 
img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'");
+                       res.setHeader("X-Permitted-Cross-Domain-Policies", 
"none");
                        chain.doFilter(request, res);
 
                } finally {

Reply via email to