anmolnar commented on issue #843: HBASE-23303 Add security headers to REST server/info page
URL: https://github.com/apache/hbase/pull/843#issuecomment-561743161
 
 
   @brfrn169 @busbey In the latest commit I added back 
`ClickjackingPreventionFilter` to avoid renaming the class. Instead I added 
`SecurityHeadersFilter` as a new filter.
   
   To keep HTTP-friendliness for both services, the default values of the HSTS and CSP 
headers are empty, which means that the headers will not be added to the response. 
Rather than hardcoding magic values, I made both headers configurable.
   
   X-Content-Type-Options and X-XSS-Protection still have some meaningful 
defaults and are not configurable at the moment.
   
   Currently I'm looking for a nice way to add some unit tests.

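
A sketch of the behaviour described in the comment above, added here as an illustration and not taken from the HBase pull request: two headers are always set, while HSTS and CSP are sent only when a non-empty value is configured. The class name, the init-parameter names `hsts` and `csp`, and the fixed header values are assumptions made for this example.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical sketch, not the HBase class: the name, the init-parameter names
// and the fixed header values below are assumptions made for this example.
public class ExampleSecurityHeadersFilter implements Filter {
  private final Map<String, String> headers = new LinkedHashMap<>();
  @Override
  public void init(FilterConfig conf) throws ServletException {
    // Fixed defaults (assumed values; the comment only says "meaningful defaults").
    headers.put("X-Content-Type-Options", "nosniff");
    headers.put("X-XSS-Protection", "1; mode=block");
    // Opt-in headers: an unset or blank value means the header is not sent at all.
    putIfConfigured("Strict-Transport-Security", conf.getInitParameter("hsts"));
    putIfConfigured("Content-Security-Policy", conf.getInitParameter("csp"));
  }

  private void putIfConfigured(String name, String value) {
    if (value == null || value.trim().isEmpty()) {
      return; // never emit an empty header
    }
    // Reject CR/LF so a bad config value cannot split the response headers.
    if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
      throw new IllegalArgumentException("Line break in value for " + name);
    }
    headers.put(name, value.trim());
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    if (res instanceof HttpServletResponse) {
      HttpServletResponse http = (HttpServletResponse) res;
      // Set before the chain runs so headers are present even if the body commits early.
      headers.forEach(http::setHeader);
    }
    chain.doFilter(req, res);
  }
  @Override
  public void destroy() { }
}
```

A unit test for a filter of this shape can mock `FilterConfig` and `HttpServletResponse`, run `init` and `doFilter`, and verify that `setHeader` is never called for HSTS or CSP when the parameters are unset.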