Github user krishna-pandey commented on a diff in the pull request: https://github.com/apache/spark/pull/19419#discussion_r144204531 --- Diff: conf/spark-defaults.conf.template --- @@ -25,3 +25,10 @@ # spark.serializer org.apache.spark.serializer.KryoSerializer # spark.driver.memory 5g # spark.executor.extraJavaOptions -XX:+PrintGCDetails -Dkey=value -Dnumbers="one two three" + +# spark.ui.allowFramingFrom https://www.example.com/ +# spark.ui.xXssProtection 1; mode=block +# spark.ui.xContentType.options nosniff + +# Enable below only when Spark is running on HTTPS +# spark.ui.strictTransportSecurity max-age=31536000 --- End diff -- The REQUIRED "max-age" directive specifies the number of seconds, after the reception of the STS header field, during which the UA regards the host (from whom the message was received) as a Known HSTS Host. Here the value is equal to 365 days. More at https://tools.ietf.org/html/rfc6797#section-6.1.1
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org