Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2989#discussion_r215465715
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
---
@@ -502,6 +503,11 @@ private WebAppContext loadWar(final File warFile,
final String contextPath, fina
// add a filter to set the X-Frame-Options filter
webappContext.addFilter(new FilterHolder(FRAME_OPTIONS_FILTER),
"/*", EnumSet.allOf(DispatcherType.class));
+ // add a filter to set the Content Security Policy frame-ancestors
directive
+ FilterHolder cspFilter = new FilterHolder(new
ContentSecurityPolicyFilter());
--- End diff --
From what I can tell by tracing the Jetty code, this is almost equivalent
to just assigning the `Filter` directly via `addFilter()`. Do you have a
resource or documentation that indicates why using a `FilterHolder` is
preferable?
---
