[
https://issues.apache.org/jira/browse/NIFI-9995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17532960#comment-17532960
]
ASF subversion and git services commented on NIFI-9995:
-------------------------------------------------------
Commit ea75a0a996ad937dcf501ab1dda8411b93d2f093 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=ea75a0a996 ]
NIFI-9995 Replaced Custom Filters with Spring Security HeaderWriter
Signed-off-by: Nathan Gough <[email protected]>
This closes #6020.
> Replace Custom Header Filters with Spring Security Filters
> ----------------------------------------------------------
>
> Key: NIFI-9995
> URL: https://issues.apache.org/jira/browse/NIFI-9995
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The NiFi Jetty Server uses the following custom Servlet Filters to apply
> standard security-related HTTP response headers:
> * ContentSecurityPolicyFilter
> * StrictTransportSecurityFilter
> * XContentTypeOptionsFilter
> * XFrameOptionsFilter
> * XSSProtectionFilter
> Spring Security includes a standard HeaderWriterFilter with standard writers
> for all of these response headers. Replacing multiple Servlet Filters with a
> single Filter simplifies the filter chain invocation for all HTTP requests
> and provides the same response headers.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
