[
https://issues.apache.org/jira/browse/NIFI-11558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725367#comment-17725367
]
ASF subversion and git services commented on NIFI-11558:
--------------------------------------------------------
Commit 5bbde66f14d8ebd25a519fd130c7a43e4e1789b0 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=5bbde66f14 ]
NIFI-11558 Applied Security Headers to All Registry Responses
- Refactored Registry Filters to shared HeaderWriterHandler
- Refactored Registry Jetty Server with delegated HandlerProvider
Signed-off-by: Joe Gresock <[email protected]>
This closes #7258.
> Apply Security Headers to All Responses from Registry
> -----------------------------------------------------
>
> Key: NIFI-11558
> URL: https://issues.apache.org/jira/browse/NIFI-11558
> Project: Apache NiFi
> Issue Type: Improvement
> Components: NiFi Registry, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.latest, 2.latest
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> NiFi Registry has a common set of filters that apply several standard
> security-related HTTP headers to responses. The Jetty Server configuration
> applies these headers to the Registry API and UI applications, but requests
> to the root path do not return these headers, which can be misleading to some
> automated security scanners. For a consistent approach, the security-related
> headers should be applied using a Jetty Handler that works for all requests
> and responses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
