[
https://issues.apache.org/jira/browse/HBASE-14148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14637961#comment-14637961
]
Sean Busbey commented on HBASE-14148:
-------------------------------------
{code}
+
+For org.apache.hadoop.hbase.http.XFrameOptionsFilter
+
+/**
+ * Software published by the Open Web Application Security Project
(http://www.owasp.org)
+ * This software is licensed under the new BSD license.
+ * Copyright 2009, Jeff Williams <a
href="http://www.aspectsecurity.com";>Aspect Security</a>
+ */
{code}
This has to include a copy of the license text itself.
> Web UI Framable Page
> --------------------
>
> Key: HBASE-14148
> URL: https://issues.apache.org/jira/browse/HBASE-14148
> Project: HBase
> Issue Type: Bug
> Reporter: Apekshit Sharma
> Assignee: Apekshit Sharma
> Attachments: HBASE-14148-master.patch
>
>
> The web UIs do not include the "X-Frame-Options" header to prevent the pages
> from being framed from another site.
> Reference:
> https://www.owasp.org/index.php/Clickjacking
> https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
> https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
