Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2908
  
    I can observe that passing a valid (whitelisted in *nifi.properties*:  
`nifi.web.proxy.context.path=some/path`) but unused `X-ProxyContextPath` is 
handled fine, while passing a malicious one `X-ProxyContextPath`: 
`/nifi/assets/reset.css/reset.css\" type=\"text/css\" /><script 
type=\"text/javascript\">alert(\"omg\");</script><link rel=\"stylesheet\" 
href=\"` results in the expected error and is logged to the `nifi-app.log` 
file. 
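
The check this comment exercises, sketched as an added example (not part of the original comment and not NiFi's own code): an exact-match allow-list test for `X-ProxyContextPath` that rejects and logs any other value. The class and method names are hypothetical, and treating the `nifi.web.proxy.context.path` value as comma-separated and ignoring leading/trailing slashes are assumptions of this sketch.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.logging.Logger;
import java.util.stream.Collectors;

public class ProxyContextPathCheck {
    // Hypothetical logger name; stands in for whatever writes nifi-app.log.
    private static final Logger LOG = Logger.getLogger("nifi-app");

    // Assumption: leading/trailing slashes are ignored when comparing paths.
    static String normalize(String path) {
        return path.trim().replaceAll("^/+|/+$", "");
    }

    // Parse the property value (assumed comma-separated) into an allow-list.
    static Set<String> parseAllowList(String propertyValue) {
        return Arrays.stream(propertyValue.split(","))
                .map(ProxyContextPathCheck::normalize)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // Returns the header value if it is allow-listed; otherwise logs and throws.
    static String verify(String headerValue, Set<String> allowed) {
        if (headerValue == null || headerValue.trim().isEmpty()) {
            return ""; // no proxy context path supplied
        }
        if (!allowed.contains(normalize(headerValue))) {
            // Replace control characters so a rejected value cannot forge log lines.
            String safe = headerValue.replaceAll("\\p{Cntrl}", "?");
            LOG.warning("Rejected X-ProxyContextPath not in allow-list: " + safe);
            throw new IllegalArgumentException("X-ProxyContextPath is not whitelisted");
        }
        return headerValue.trim();
    }

    public static void main(String[] args) {
        Set<String> allowed = parseAllowList("some/path"); // value from the comment
        System.out.println("accepted: " + verify("/some/path", allowed));
        // Header value quoted in the comment above.
        String malicious = "/nifi/assets/reset.css/reset.css\" type=\"text/css\" /><script "
                + "type=\"text/javascript\">alert(\"omg\");</script><link rel=\"stylesheet\" href=\"";
        try {
            verify(malicious, allowed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the comparison is an exact match against configured values, the markup in the second header never reaches a rendered page, and the log entry records the attempt with control characters neutralized.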

