Review Request 52456: Modify HTTP headers to follow best security practices

Fri, 30 Sep 2016 15:56:40 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52456/
-----------------------------------------------------------

Review request for Ambari, Di Li, Robert Levas, and Yusaku Sako.


Bugs: AMBARI-17311
    https://issues.apache.org/jira/browse/AMBARI-17311


Repository: ambari


Description
-------

This patch adds the following HTTP headers to follow security best practices.

X-Content-Type-Options: nosniff
Cache-control: no-store
Pragma: no-cache


Diffs
-----

  ambari-server/conf/unix/ambari.properties 4dcbe99 
  ambari-server/conf/windows/ambari.properties 64cce3b 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
 05c9ecb 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
 b40953b 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
 5bff4e3 
  
ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
 7be70a3 
  
ambari-server/src/test/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilterTest.java
 6537130 
  
ambari-server/src/test/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilterTest.java
 c9d7974 

Diff: https://reviews.apache.org/r/52456/diff/


Testing
-------

Test cases have been updated to test with the new headers added.
Also did manual testing.


Thanks,

Sangeeta Ravindran

Reply via email to