[jira] [Updated] (ATLAS-3841) Response Headers: Code refactoring

Tue, 07 Jul 2020 05:51:36 -0700 


     [ 
https://issues.apache.org/jira/browse/ATLAS-3841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mandar Ambawane updated ATLAS-3841:
-----------------------------------
    Description: 
Currently headers setting code is scattered at different places.
In this patch, code refactoring is done to set response headers from 
AtlasHeaderFilter.java

Currently js/ html files come under the unauthorized urls.
Therefore, these files do not have headers which are applied by default by 
spring security.

To overcome this problem, In this patch we are applying all the spring security 
headers to these unauthorized urls explicitly.
We are doing this by mapping all the urls (authorized + unauthorized) to go 
through one servlet filter which is AtlasHeaderFilter.

In case of authorized urls, spring by default set some of the headers. To avoid 
overwriting of these headers in authorized urls, those headers are skipped in 
the AtlasHeaderFilter.

Also this patch provides flexibility to select file formats to be excluded from 
applying response headers.

> Response Headers: Code refactoring
> ----------------------------------
>
>                 Key: ATLAS-3841
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3841
>             Project: Atlas
>          Issue Type: Bug
>            Reporter: Mandar Ambawane
>            Assignee: Mandar Ambawane
>            Priority: Major
>
> Currently headers setting code is scattered at different places.
> In this patch, code refactoring is done to set response headers from 
> AtlasHeaderFilter.java
> Currently js/ html files come under the unauthorized urls.
> Therefore, these files do not have headers which are applied by default by 
> spring security.
> To overcome this problem, In this patch we are applying all the spring 
> security headers to these unauthorized urls explicitly.
> We are doing this by mapping all the urls (authorized + unauthorized) to go 
> through one servlet filter which is AtlasHeaderFilter.
> In case of authorized urls, spring by default set some of the headers. To 
> avoid overwriting of these headers in authorized urls, those headers are 
> skipped in the AtlasHeaderFilter.
> Also this patch provides flexibility to select file formats to be excluded 
> from applying response headers.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to