exceptionfactory opened a new pull request, #6020: URL: https://github.com/apache/nifi/pull/6020
# Summary

[NIFI-9995](https://issues.apache.org/jira/browse/NIFI-9995) Replaces multiple custom Servlet Filters with the Spring Security `HeaderWriterFilter`, configured with Header Writers to apply the same security-related HTTP response headers.

Replacing the custom filters with one filter simplifies Servlet Filter chain processing for HTTP requests and responses while maintaining the same functionality. Making the change in the `StandardRequestFilterProvider` continues to apply the headers to all applicable web applications loaded during NiFi initialization.

The standard configuration matches the current response headers and returns the following:

```
Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
```

The default `HstsHeaderWriter` configuration avoids writing the `Strict-Transport-Security` header for non-HTTPS requests, so the conditional configuration check is no longer necessary.

# Tracking

Please complete the following tracking steps prior to pull request creation.

### Issue Tracking

- [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created

### Pull Request Tracking

- [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0000`
- [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0000`

### Pull Request Formatting

- [X] Pull Request based on current revision of the `main` branch
- [X] Pull Request refers to a feature branch with one commit containing changes

# Verification

Please indicate the verification steps performed prior to pull request creation.

### Build

- [X] Build completed using `mvn clean install -P contrib-check`
  - [X] JDK 8
  - [ ] JDK 11
  - [ ] JDK 17

### Licensing

- [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
- [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files

### Documentation

- [ ] Documentation formatting appears as expected in rendered files

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
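
One way to confirm that a filter swap like this leaves the response headers unchanged, as an added example that is not part of the pull request or NiFi's code: the check below compares a raw HTTP response against the header set listed in the summary, flags duplicated headers (what an old filter left in the chain would produce), and flags `Strict-Transport-Security` on a non-HTTPS response. The function names and the sample response are constructed for illustration.

```python
import re

# Expected values are the ones listed in the pull request description.
EXPECTED = {
    "content-security-policy": "frame-ancestors 'self'",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
}
HSTS = ("strict-transport-security", "max-age=31536000 ; includeSubDomains")

# Constructed sample: plain-HTTP response that carries HSTS and repeats X-Frame-Options.
SAMPLE_HTTP = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: frame-ancestors 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000 ; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)

def normalize(value):
    return re.sub(r"\s*;\s*", ";", value.strip()).lower()  # ignore case and spacing around ';'

def parse_headers(raw):
    headers = {}  # lower-cased header name -> list of values seen
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_headers(raw, https):
    headers = parse_headers(raw)
    # HSTS is expected only when the request was made over HTTPS.
    expected = {**EXPECTED, **({HSTS[0]: HSTS[1]} if https else {})}
    findings = []  # an empty list means the response matches the expected set
    for name, want in expected.items():
        got = headers.get(name, [])
        if not got:
            findings.append(f"missing: {name}")
        elif len(got) > 1:
            findings.append(f"duplicate: {name}")
        elif normalize(got[0]) != normalize(want):
            findings.append(f"mismatch: {name}")
    if not https and HSTS[0] in headers:
        findings.append(f"unexpected on HTTP: {HSTS[0]}")
    return findings
```

Calling `check_headers(SAMPLE_HTTP, https=False)` reports the duplicated `X-Frame-Options`, the missing `X-XSS-Protection`, and the HSTS header that should not appear on plain HTTP.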
