[jira] [Commented] (HIVE-21902) HiveServer2 UI: Adding X-XSS-Protection, X-Content-Type-Options to jetty response header

Hive QA (JIRA) Thu, 20 Jun 2019 02:40:13 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-21902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868399#comment-16868399
 ]


Hive QA commented on HIVE-21902:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12972294/HIVE-21902.patch

{color:red}ERROR:{color} -1 due to no test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 16173 tests 
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.common.metrics.metrics2.TestCodahaleMetrics.testFileReporting
 (batchId=297)
{noformat}

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/17668/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17668/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17668/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12972294 - PreCommit-HIVE-Build

> HiveServer2 UI: Adding X-XSS-Protection, X-Content-Type-Options to jetty 
> response header
> ----------------------------------------------------------------------------------------
>
>                 Key: HIVE-21902
>                 URL: https://issues.apache.org/jira/browse/HIVE-21902
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Rajkumar Singh
>            Assignee: Rajkumar Singh
>            Priority: Major
>         Attachments: HIVE-21902.patch
>
>
> some vulnerability are reported for webserver ui
> X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP Headers 
> missing on port 10002. 
> {code}
> GET / HTTP/1.1 
> Host: HOSTNAME:10002 
> Connection: Keep-Alive 
> X-XSS-Protection HTTP Header missing on port 10002. 
> X-Content-Type-Options HTTP Header missing on port 10002. 
> {code}
> after the proposed changes
> {code}
> HTTP/1.1 200 OK
> Date: Thu, 20 Jun 2019 05:29:59 GMT
> Content-Type: text/html;charset=utf-8
> X-Content-Type-Options: nosniff
> X-FRAME-OPTIONS: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Set-Cookie: JSESSIONID=15kscuow9cmy7qms6dzaxllqt;Path=/
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3824
> Server: Jetty(9.3.25.v20180904)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HIVE-21902) HiveServer2 UI: Adding X-XSS-Protection, X-Content-Type-Options to jetty response header

Reply via email to