dongjoon-hyun opened a new pull request, #56642:
URL: https://github.com/apache/spark/pull/56642

   ### What changes were proposed in this pull request?
   
   This PR adds a new config `spark.ui.contentSecurityPolicy.enabled` (default 
`false`) that gates the `Content-Security-Policy` response header introduced in 
SPARK-55252. The header is now only set when the config is enabled.
   
   ### Why are the changes needed?
   
   To make the Spark UI `Content-Security-Policy` header opt-in, disabling it 
by default in Apache Spark 4.2.0.
   
   ### Does this PR introduce _any_ user-facing change?
   
   No behavior change because Spark UI no longer sends the 
`Content-Security-Policy` header.  Previously, it was a breaking change.
   
   ### How was this patch tested?
   
   Pass the CIs.
   
   ### Was this patch authored or co-authored using generative AI tooling?
   
   Generated-by: Claude Code (Claude Opus 4.8)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to