[GitHub] zeppelin pull request #2492: [ZEPPELIN-2775] Strict-Transport-Security and X...

2017-08-03 Thread asfgit
Github user asfgit closed the pull request at:

https://github.com/apache/zeppelin/pull/2492


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] zeppelin pull request #2492: [ZEPPELIN-2775] Strict-Transport-Security and X...

2017-07-14 Thread krishna-pandey
GitHub user krishna-pandey opened a pull request:

https://github.com/apache/zeppelin/pull/2492

[ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Protection Headers

### What is this PR for?
The HTTP Strict-Transport-Security response header (often abbreviated as 
HSTS) is a security feature that lets a web site tell browsers that it should 
only be communicated with using HTTPS, instead of using HTTP.
Note: The Strict-Transport-Security header is ignored by the browser when 
your site is accessed using HTTP; this is because an attacker may intercept 
HTTP connections and inject the header or remove it. When your site is accessed 
over HTTPS with no certificate errors, the browser knows your site is HTTPS 
capable and will honor the Strict-Transport-Security header.

The HTTP X-XSS-Protection response header is a feature of Internet 
Explorer, Chrome and Safari that stops pages from loading when they detect 
reflected cross-site scripting (XSS) attacks.

### What type of PR is it?
[Bug Fix | Improvement ]

### What is the Jira issue?
* [ZEPPELIN-2775](https://issues.apache.org/jira/browse/ZEPPELIN-2775)

### How should this be tested?
Make a curl call to Zeppelin? Go to Chrome Browser and select "More Tools" 
-> "Developer Tools" from the right-side menu. Under Network Section, select 
any request and check for "Response Headers". You should see below headers 
along with existing ones.

> strict-transport-security:max-age=631138519
> x-xss-protection:1; mode=block

https://user-images.githubusercontent.com/6433184/28217231-16ce6cee-68d2-11e7-91aa-77ad083612c7.png


### Questions:
* Does this need documentation?


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/krishna-pandey/zeppelin ZEPPELIN-2775

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zeppelin/pull/2492.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2492


commit 468231cc6577b2acf8fbd592177fee9ad1b067b4
Author: krishna-pandey 
Date:   2017-07-14T11:34:36Z

Added configurable Strict-Transport-Security and X-XSS-Protection Headers




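The check described under "How should this be tested?", as an added example that is not part of the original pull request or Zeppelin's code: it parses a response header block, verifies the two header values quoted in the description, and flags the case the description notes where HSTS sent over plain HTTP is ignored. The function names and the sample response are constructed for illustration.

```python
# Added example: illustrative names throughout, not Zeppelin code.

def parse_headers(raw):
    """Parse a raw header block into {lower-case name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_hsts(value):
    """Split an HSTS value into directives; returns (max_age or None, flags)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        key = key.strip().lower()
        if key == "max-age":
            val = val.strip().strip('"')           # max-age may be quoted
            max_age = int(val) if val.isdigit() else None
        elif key:
            flags.add(key)
    return max_age, flags

def check_headers(raw, scheme):
    """Return a list of findings for one response fetched over `scheme`."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security", [])
    if not hsts:
        findings.append("HSTS header missing")
    else:
        max_age, _ = parse_hsts(hsts[0])           # only the first one counts
        if max_age is None:
            findings.append("HSTS max-age missing or not a number")
        elif max_age == 0:
            findings.append("HSTS max-age=0 clears the policy")
        if scheme != "https":
            findings.append("HSTS sent over HTTP is ignored by browsers")
    xss = [v.replace(" ", "").lower() for v in h.get("x-xss-protection", [])]
    if not xss:
        findings.append("X-XSS-Protection header missing")
    elif xss[0] != "1;mode=block":
        findings.append("X-XSS-Protection is not '1; mode=block'")
    return findings

# Constructed sample response using the header values quoted in the PR.
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Strict-Transport-Security: max-age=631138519\r\n"
          "X-XSS-Protection: 1; mode=block\r\n")
```

Calling `check_headers(SAMPLE, "https")` returns an empty list; the same response with `scheme="http"` returns the single finding that the HSTS header is ignored.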