Review Request 53788: HTTP responses needs to have the character encoding specified in the content type header

Anita Jebaraj Tue, 15 Nov 2016 09:05:13 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53788/
-----------------------------------------------------------


Review request for Ambari, Di Li, Robert Levas, and Sangeeta Ravindran.


Bugs: AMBARI-18871
    https://issues.apache.org/jira/browse/AMBARI-18871


Repository: ambari


Description
-------

The charset information(UTF-8) can be added to all the response headers to 
harden the security for the client. When the charset information is not 
specified the web browser may choose a different encoding by guessing which 
encoding is actually being used by the web page.

This specific issue is mentioned in the section 3.1.1.5 of RFC7231


Diffs
-----

  ambari-server/conf/unix/ambari.properties 371653f 
  ambari-server/conf/windows/ambari.properties e47319e 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 15f186b 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
 423a013 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
 aa00ac2 
  
ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
 d1be8cc 
  
ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
 d812ee6 

Diff: https://reviews.apache.org/r/53788/diff/


Testing
-------

Ran mvn test.

The test cases failing in hadoop QA is not related to the patch for this jira


Thanks,

Anita Jebaraj

Review Request 53788: HTTP responses needs to have the character encoding specified in the content type header

Reply via email to