[
https://issues.apache.org/jira/browse/HBASE-14148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14641279#comment-14641279
]
Apekshit Sharma commented on HBASE-14148:
-----------------------------------------
In v2, license in the start of XFrameOptionsFilter.java was
{noformat}
/**
* Software published by the Open Web Application Security Project
(http://www.owasp.org)
* This software is licensed under the new BSD license.
* Copyright 2009, Jeff Williams <a
href="http://www.aspectsecurity.com";>Aspect Security</a>
*/
{noformat}
I thought "-1 release audit" was because of that, so I changed it to full
license in V3. Alas, QA is still cribbing. What should I do [~busbey]? Or is it
supposed to be like that?
> Web UI Framable Page
> --------------------
>
> Key: HBASE-14148
> URL: https://issues.apache.org/jira/browse/HBASE-14148
> Project: HBase
> Issue Type: Bug
> Reporter: Apekshit Sharma
> Assignee: Apekshit Sharma
> Attachments: HBASE-14148-master.patch, HBASE-14148-v2-master.patch,
> HBASE-14148-v3-master.patch
>
>
> The web UIs do not include the "X-Frame-Options" header to prevent the pages
> from being framed from another site.
> Reference:
> https://www.owasp.org/index.php/Clickjacking
> https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
> https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
