Rajkumar Singh created HIVE-21902:
-------------------------------------

             Summary: HiveServer2 UI: Adding X-XSS-Protection, X-Content-Type-Options to jetty response header
                 Key: HIVE-21902
                 URL: https://issues.apache.org/jira/browse/HIVE-21902
             Project: Hive
          Issue Type: Improvement
            Reporter: Rajkumar Singh

Some vulnerabilities are reported for the web server UI:
X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP Headers missing on port 10002.
{code}
GET / HTTP/1.1
Host: HOSTNAME:10002
Connection: Keep-Alive
X-XSS-Protection HTTP Header missing on port 10002.
X-Content-Type-Options HTTP Header missing on port 10002.
{code}
After the proposed changes:
{code}
HTTP/1.1 200 OK
Date: Thu, 20 Jun 2019 05:29:59 GMT
Content-Type: text/html;charset=utf-8
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: JSESSIONID=15kscuow9cmy7qms6dzaxllqt;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3824
Server: Jetty(9.3.25.v20180904)
{code}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
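The three findings in this issue can be re-checked against a captured response with a short script. This is an added example, not part of the original message or of Hive's code: the function names and the BEFORE and CSP_ONLY samples are constructed, and AFTER is the response from the issue with the cookie and expiry lines left out.

```python
# Added example: report which of the headers named in HIVE-21902 a raw HTTP response lacks.

def parse_headers(raw):
    """Map lower-cased header names to their values (HTTP header names are case-insensitive)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def missing_headers(raw):
    """Return the findings a scanner would raise, in a fixed order."""
    h = parse_headers(raw)
    findings = []
    if not any(v.lower() == "nosniff" for v in h.get("x-content-type-options", [])):
        findings.append("X-Content-Type-Options")
    if "x-xss-protection" not in h:
        findings.append("X-XSS-Protection")
    # Either X-Frame-Options or a CSP frame-ancestors directive satisfies the framing check.
    xfo = any(v.upper() in ("DENY", "SAMEORIGIN") for v in h.get("x-frame-options", []))
    csp = any("frame-ancestors" in v.lower() for v in h.get("content-security-policy", []))
    if not (xfo or csp):
        findings.append("X-Frame-Options or Content-Security-Policy: frame-ancestors")
    return findings

# Response after the proposed change, as quoted in the issue (abridged).
AFTER = """\
HTTP/1.1 200 OK
Date: Thu, 20 Jun 2019 05:29:59 GMT
Content-Type: text/html;charset=utf-8
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 3824
Server: Jetty(9.3.25.v20180904)
"""

# Constructed sample: the same response without the three security headers.
BEFORE = """\
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Content-Length: 3824
"""

# Constructed sample: framing is restricted through CSP instead of X-Frame-Options.
CSP_ONLY = BEFORE + "Content-Security-Policy: frame-ancestors 'self'\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("csp-only", CSP_ONLY)):
        print(label, missing_headers(raw) or "no findings")
```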