[
https://issues.apache.org/jira/browse/NIFI-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-14115:
------------------------------------
Status: Patch Available (was: In Progress)
> Set Standard HTTP Response Headers for All Requests
> ---------------------------------------------------
>
> Key: NIFI-14115
> URL: https://issues.apache.org/jira/browse/NIFI-14115
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The framework Jetty Server includes standard Servlet Filters to set the
> following HTTP response headers on web application requests:
> * Content-Security-Policy
> * X-Frame-Options
> * Strict-Transport-Security
> * X-XSS-Protection
> The current implementation applies these Filters to all web applications.
> This covers all HTTP requests to the NiFi REST API and user interface
> resources. Jetty serves requests to the root server URL or non-existent paths
> using standard Handlers, which do not use Servlet Filters. The implementation
> approach should be adjusted to use apply these response headers using a Jetty
> Handler, regardless of web application, for consistency across framework HTTP
> responses.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
