-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/#review213551
-----------------------------------------------------------


docs/src/site/markdown/AG_Install.md
Lines 945 (patched)
<https://reviews.apache.org/r/70155/#comment299520>

    I'd add 'seconds' after the number
    renamed: oozie.hsts.max.age.seconds


server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
Lines 51 (patched)
<https://reviews.apache.org/r/70155/#comment299521>

    renamed: oozie.hsts.max.age.seconds


- Andras Salamon


On March 8, 2019, 10:02 a.m., Kinga Marton wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70155/
> -----------------------------------------------------------
>
> (Updated March 8, 2019, 10:02 a.m.)
>
>
> Review request for oozie and Andras Salamon.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> As a security best practice we should add support for HSTS via oozie-site.xml
> in case of embedded Jetty.
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
> http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html -
> this page is not available anymore
>
> https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html
>
>
>
> Maybe we should even make it enabled by default when SSL is configured.
>
>
> Diffs
> -----
>
>   core/src/main/resources/oozie-default.xml c7f2becaa
>   docs/src/site/markdown/AG_Install.md 270b98fb0
>   server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 466cefc2e
>   server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java f926a0910
>
>
> Diff: https://reviews.apache.org/r/70155/diff/2/
>
>
> Testing
> -------
>
> Junit + manually tested
>
>
> Thanks,
>
> Kinga Marton
>
>
