[
https://issues.apache.org/jira/browse/DRILL-7626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17058946#comment-17058946
]
ASF GitHub Bot commented on DRILL-7626:
---------------------------------------
ihuzenko commented on pull request #2025: DRILL-7626: Add ability to set HTTP response headers
URL: https://github.com/apache/drill/pull/2025
# [DRILL-XXXX](https://issues.apache.org/jira/browse/DRILL-7626): Add ability to set HTTP response headers
## Description
1. Created ResponseHeadersSettingFilter for adding configured values to each response.
2. Now, when drill.exec.http.ssl_enabled is set to true, users can add the following headers to improve security:
"X-XSS-Protection" : "1; mode=block",
"X-Content-Type-Options" : "nosniff",
"Strict-Transport-Security" : "max-age=31536000;includeSubDomains",
"Content-Security-Policy" : "default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; font-src data: https:; img-src data: https:"
## Documentation
New response headers can now be added in drill-override.conf under the key drill.exec.http.jetty.server.response.headers. For example:
```
drill.exec: {
  cluster-id: "drillbits1",
  zk.connect: "localhost:2181",
  http: {
    ssl_enabled: true,
    jetty.server.response.headers: {
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
      "Content-Security-Policy": "default-src https:; script-src 'unsafe-inline' https:; font-src data: https:; img-src data: https:"
    }
  }
}
```
## Testing
Tested manually with Web UI.
> Add ability to set HTTP response headers
> ----------------------------------------
>
> Key: DRILL-7626
> URL: https://issues.apache.org/jira/browse/DRILL-7626
> Project: Apache Drill
> Issue Type: Sub-task
> Reporter: Igor Guzenko
> Assignee: Igor Guzenko
> Priority: Major
> Fix For: 1.18.0
>
>
> It should be possible to make response headers configurable under common
> options path
> *drill.exec.http.jetty.server.response.headers*, like
> {code:none}
> jetty: {
>   server: {
>     response: {
>       # any response headers with constant values may be configured like this
>       headers: {
>         "Custom Header Name": "Text Value",
>         "BooleanHeader": true
>       }
>     }
>   }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
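
A check for the headers this PR makes configurable, as an added example (not code from the PR or from Drill): it audits one response's headers against the values in the description and flags the `'unsafe-inline'` script source that the sample policy still allows. The header sets are constructed samples, and `audit` and `parse_csp` are hypothetical names.

```python
# Added example: audit one response's headers against the values in this PR.
# The header sets below are constructed samples, not captured from a Drill server.
EXPECTED = {  # exact values from the PR description
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
}
MIN_HSTS_AGE = 31536000  # the max-age used in the PR (one year)

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """Return sorted findings for one response (header names are case-insensitive)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        if h.get(name, "").lower() != want:
            findings.append(f"{name}: expected {want!r}, got {h.get(name)!r}")
    hsts = [p.strip().lower() for p in h.get("strict-transport-security", "").split(";")]
    ages = [p.split("=", 1)[1].strip('"') for p in hsts if p.startswith("max-age=")]
    if not ages or not ages[0].isdigit() or int(ages[0]) < MIN_HSTS_AGE:
        findings.append("strict-transport-security: max-age missing or below one year")
    if "includesubdomains" not in hsts:
        findings.append("strict-transport-security: includeSubDomains missing")
    csp = parse_csp(h.get("content-security-policy", ""))
    if "default-src" not in csp:
        findings.append("content-security-policy: no default-src")
    # script-src falls back to default-src when absent
    if "'unsafe-inline'" in csp.get("script-src", csp.get("default-src", [])):
        findings.append("content-security-policy: script-src allows 'unsafe-inline'")
    return sorted(findings)

CONFIGURED = {  # constructed: the values from the drill-override.conf example
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
    "Content-Security-Policy": "default-src https:; script-src 'unsafe-inline' https:; "
                               "font-src data: https:; img-src data: https:",
}
BARE = {"Content-Type": "text/html"}  # constructed: no security headers set

if __name__ == "__main__":
    for label, sample in (("configured", CONFIGURED), ("bare", BARE)):
        print(label, audit(sample))
```

To use it against a live server, pass the header mapping of a response fetched over HTTPS to `audit`.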