Github user krishna-pandey commented on a diff in the pull request:
https://github.com/apache/spark/pull/19419#discussion_r144348004
--- Diff: core/src/main/scala/org/apache/spark/ui/JettyUtils.scala ---
@@ -89,6 +92,13 @@ private[spark] object JettyUtils extends Logging {
val result = servletParams.responder(request)
response.setHeader("Cache-Control", "no-cache, no-store,
must-revalidate")
response.setHeader("X-Frame-Options", xFrameOptionsValue)
+
xXssProtectionValue.foreach(response.setHeader("X-XSS-Protection", _))
+ if (xContentTypeOptionsValue.get.equalsIgnoreCase("true")) {
+ response.setHeader("X-Content-Type-Options", "nosniff")
+ }
+ if (conf.get("spark.ssl.enabled").equalsIgnoreCase("true")) {
--- End diff --
@jerryshao Thanks for the tip. I will do that.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
