PDavid commented on code in PR #2362:
URL: https://github.com/apache/zookeeper/pull/2362#discussion_r3086302527


##########
zookeeper-metrics-providers/zookeeper-prometheus-metrics/src/main/java/org/apache/zookeeper/metrics/prometheus/PrometheusMetricsProvider.java:
##########
@@ -171,23 +181,47 @@ public void start() throws 
MetricsProviderLifeCycleException {
             int acceptors = 1;
             int selectors = 1;
 
-            // Configure HTTP connector if enabled
-            if (this.httpPort != -1) {
-                ServerConnector httpConnector = new ServerConnector(server, 
acceptors, selectors);
-                httpConnector.setPort(this.httpPort);
-                httpConnector.setHost(this.host);
-                server.addConnector(httpConnector);
-            }
+            ServerConnector connector = null;
+
+            if (this.httpPort != -1 && this.httpsPort != -1 && this.httpPort 
== this.httpsPort) {
+                SecureRequestCustomizer customizer = new 
SecureRequestCustomizer();
+                customizer.setStsMaxAge(DEFAULT_STS_MAX_AGE);
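Review bot: The unified-port condition tests `this.httpPort != -1` even though `this.httpsPort != -1 && this.httpPort == this.httpsPort` already implies it, so the first operand can be dropped. On `customizer.setStsMaxAge(DEFAULT_STS_MAX_AGE)`, a short code comment would help: it should name the Strict-Transport-Security header and state the unit and value of the constant, since the abbreviation is not self-explanatory. Because `ServerConnector connector = null;` replaces the locally scoped `httpConnector`, please also confirm that no path uses `connector` after this point while it is still null, for example when neither port is configured.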

Review Comment:
   STS means the Strict-Transport-Security HTTP response header.
   
   > The HTTP Strict-Transport-Security [response header](https://developer.mozilla.org/en-US/docs/Glossary/Response_header) (often abbreviated as [HSTS](https://developer.mozilla.org/en-US/docs/Glossary/HSTS)) informs browsers that the [host](https://developer.mozilla.org/en-US/docs/Glossary/Host) should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be upgraded to HTTPS. Additionally, on future connections to the host, the browser will not allow the user to bypass secure connection errors, such as an invalid certificate. HSTS identifies a host by its domain name only.
   
   ...
   
   > `max-age=<expire-time>`
   > The time, in seconds, that the browser should remember that a host is only to be accessed using HTTPS.
   
   
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
   
   This is implemented here the same way as we have it in JettyAdminServer:
   
https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JettyAdminServer.java#L119


