[
https://issues.apache.org/jira/browse/KNOX-1434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandeep More updated KNOX-1434:
-------------------------------
Fix Version/s: 1.2.0
> Visiting Knox Admin UI forces subsequent requests to other services redirect
> to HTTPS
> -------------------------------------------------------------------------------------
>
> Key: KNOX-1434
> URL: https://issues.apache.org/jira/browse/KNOX-1434
> Project: Apache Knox
> Issue Type: Bug
> Components: AdminUI
> Affects Versions: 1.0.0
> Environment: HDP 3.0
> Knox 1.0.0
> Reporter: Vipin Rathor
> Priority: Critical
> Fix For: 1.2.0
>
>
> *Problem Description:*
> Visiting Knox Admin UI in any browser (Firefox / Chrome) sets the HTTP Strict
> Transport Security (HSTS) header for the host where Knox is running. Any
> subsequent request to other services on the same host (e.g. Grafana, Ranger,
> etc.) over HTTP would get redirected to HTTPS due to this header.
> Please note that this HSTS header is disabled in all Knox topologies by
> default.
> Ref:
> [https://knox.apache.org/books/knox-1-1-0/user-guide.html#HTTP+Strict+Transport+Security]
>
> *Impact:*
> All the non-SSL requests to other services get redirected automatically to
> HTTPS and would result in SSL errors like: SSL_ERROR_RX_RECORD_TOO_LONG or
> some other error.
>
> *Expected Behavior:*
> Unless HSTS is specifically enabled for Knox Admin UI, it should not set the
> HSTS header.
>
> *Steps to reproduce:*
> # Configure Knox with default topology as one normally would.
> # Once Knox is up, visit Knox Admin UI.
> # Now, in the same browser session, visit any non-SSL service running on the
> same Knox host (like Ranger UI on 6080).
> # Browser will redirect this HTTP request to HTTPS.
> # If one can carefully clear the HSTS header in the browser, then redirection
> will stop until the next time one visits Knox Admin UI again.
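The behaviour reported above follows from how browsers store HSTS state: per host name, not per port (RFC 6797). The sketch below is an added example, not code from Knox or from the issue; it models that store and shows a plain-HTTP URL on port 6080 being rewritten after one HTTPS response from the same host carried the header. The host name `knox.example.com`, the admin UI URL and the `max-age` value are constructed sample values.

```python
from urllib.parse import urlsplit, urlunsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

class HstsStore:
    """Minimal model of a browser HSTS list: keyed by host name only, never by port."""
    def __init__(self):
        self.hosts = {}  # host name -> includeSubDomains flag

    def note_response(self, url, headers):
        # Assumes `headers` uses the canonical header-name casing shown here.
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return  # the header is only honoured on HTTPS responses
        max_age, include_sub = parse_hsts(value)
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 clears the entry
        else:
            self.hosts[parts.hostname] = include_sub

    def _is_known(self, host):
        if host in self.hosts:
            return True
        labels = host.split(".")
        # A parent domain matches only if it was stored with includeSubDomains.
        return any(self.hosts.get(".".join(labels[i:])) for i in range(1, len(labels)))

    def rewrite(self, url):
        """Return the URL the browser actually requests (RFC 6797, section 8.3)."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self._is_known(parts.hostname):
            return url
        # Only an explicit port 80 is dropped; any other port is kept as-is,
        # so the TLS handshake goes to a listener that speaks plain HTTP.
        port = parts.port
        netloc = parts.hostname if port in (None, 80) else f"{parts.hostname}:{port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

Because the port survives the rewrite, the browser opens TLS against the plain-HTTP listener on 6080, which is where errors such as SSL_ERROR_RX_RECORD_TOO_LONG come from.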