Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/18285 )
Change subject: [www] Add CSP header to web UI ...................................................................... Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/18285/1//COMMIT_MSG Commit Message: PS1: Does it make sense to add a test into webserver-test.cc to check for the presence of the CSP header in the webserver's response? http://gerrit.cloudera.org:8080/#/c/18285/1/src/kudu/server/webserver.cc File src/kudu/server/webserver.cc: http://gerrit.cloudera.org:8080/#/c/18285/1/src/kudu/server/webserver.cc@684 PS1, Line 684: Content-Security-Policy Does it make sense to add a kill-switch flag to disable adding the CSP header? I guess that by default the header should be present, but in case of unexpected compatibility it might be a good idea to have a control knob to disable the header. -- To view, visit http://gerrit.cloudera.org:8080/18285 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I411d8f4ca079bfd5584f563aeeaa867833eb1106 Gerrit-Change-Number: 18285 Gerrit-PatchSet: 1 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Wed, 08 Jun 2022 19:14:04 +0000 Gerrit-HasComments: Yes
