David Handermann created NIFI-14115:
---------------------------------------
Summary: Set Standard HTTP Response Headers for All Requests
Key: NIFI-14115
URL: https://issues.apache.org/jira/browse/NIFI-14115
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Reporter: David Handermann
Assignee: David Handermann
The framework Jetty Server includes standard Servlet Filters to set the
following HTTP response headers on web application requests:
* Content-Security-Policy
* X-Frame-Options
* Strict-Transport-Security
* X-XSS-Protection
The current implementation applies these Filters to all web applications. This
covers all HTTP requests to the NiFi REST API and user interface resources.
Jetty serves requests to the root server URL or non-existent paths using
standard Handlers, which do not use Servlet Filters. The implementation
approach should be adjusted to apply these response headers using a Jetty
Handler, regardless of web application, for consistency across framework HTTP
responses.
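The following check is an added example, not part of the original issue or of NiFi's code. It requests a web application path, the root URL and a non-existent path, and reports which of the four headers listed in the issue are missing from each response. The `/nifi-api/` prefix, the sample paths and the local stub server (which imitates filter-only coverage) are assumptions constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# The four response headers listed in the issue.
REQUIRED = ("Content-Security-Policy", "X-Frame-Options",
            "Strict-Transport-Security", "X-XSS-Protection")

def missing_headers(host, port, path, tls=False):
    """Return the required headers absent from the response to GET path."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return [h for h in REQUIRED if resp.getheader(h) is None]
    finally:
        conn.close()

def audit(host, port, paths, tls=False):
    """Map each path to the list of required headers its response lacks."""
    return {p: missing_headers(host, port, p, tls) for p in paths}

class FilterOnlyStub(BaseHTTPRequestHandler):
    """Constructed stand-in: headers are set only under /nifi-api/ (assumed
    prefix), the way per-web-application filters would cover them."""
    def do_GET(self):
        in_app = self.path.startswith("/nifi-api/")
        self.send_response(200 if in_app else 404)
        if in_app:
            for name in REQUIRED:
                self.send_header(name, "constructed-sample-value")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo output quiet
        pass

def demo():
    """Run the audit against the stub on an ephemeral local port."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), FilterOnlyStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        paths = ["/nifi-api/flow/about", "/", "/no-such-path"]  # sample paths
        return audit("127.0.0.1", server.server_port, paths)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for path, missing in demo().items():
        print(path, "OK" if not missing else "missing: " + ", ".join(missing))
```

Against a real server, call `audit(host, port, paths, tls=True)`; once the headers are applied by a server-level handler, every path should map to an empty list.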