Re: Review Request 73644: RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI.

Nitin Galave Tue, 07 Dec 2021 05:31:46 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73644/
-----------------------------------------------------------


(Updated Dec. 7, 2021, 1:31 p.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, 
Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and 
Velmurugan Periasamy.


Bugs: RANGER-3443
    https://issues.apache.org/jira/browse/RANGER-3443


Repository: ranger


Description (updated)
-------

Ranger does not return "X-Permitted-Cross-Domain-Policies" response header. 
OWASP best practices suggest explicitly setting this header to "none".


Diffs
-----

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
 c50857940 


Diff: https://reviews.apache.org/r/73644/diff/1/


Testing
-------

Tested that Added "X-Permitted-Cross-Domain-Policies" responce header.


Thanks,

Nitin Galave

Re: Review Request 73644: RANGER-3443 : "X-Permitted-Cross-Domain-Policies" header not set by Ranger UI.

Reply via email to