This is an automated email from the ASF dual-hosted git repository. ni3galave pushed a commit to branch ranger-2.3 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 8eb8a1bae8ee57055f66e0344a24aca1750f95d9 Author: Nitin Galave <[email protected]> AuthorDate: Mon Oct 11 17:35:21 2021 +0530 RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI --- .../ranger/security/web/filter/RangerSecurityContextFormationFilter.java | 1 + 1 file changed, 1 insertion(+) diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index c508579..9f83daf 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -138,6 +138,7 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { res.setHeader("X-XSS-Protection", "1; mode=block"); res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); res.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'"); + res.setHeader("X-Permitted-Cross-Domain-Policies", "none"); chain.doFilter(request, res); } finally {
