[GitHub] zeppelin issue #2482: [ZEPPELIN-2765] Configurable X-FRAME-OPTIONS for Zeppe...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2482 @felixcheung Thanks for the review. Fixed the value. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 @Leemoonsoo, @felixcheung, @jongyoul, @prabhjyotsingh Please help review this. Note: Chrome Browser seems to be ignoring "X-XSS-Protection" header when value is set to

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 Above commit also took care of below test case failures. https://s3.amazonaws.com/archive.travis-ci.org/jobs/253571796/log.txt?X-Amz-Expires=30=20170717T114927Z=AWS4-HMAC-SHA256

[GitHub] zeppelin pull request #2482: [ZEPPELIN-2765] Configurable X-FRAME-OPTIONS fo...

GitHub user krishna-pandey opened a pull request: https://github.com/apache/zeppelin/pull/2482 [ZEPPELIN-2765] Configurable X-FRAME-OPTIONS for Zeppelin ### What is this PR for? The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should

[GitHub] zeppelin issue #2482: [ZEPPELIN-2765] Configurable X-FRAME-OPTIONS for Zeppe...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2482 @Leemoonsoo, @felixcheung, @jongyoul, @prabhjyotsingh Please help review this. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub

Broken link on Apache Zeppelin website

/community.html was not found on this server." Thanks, Krishna Pandey

[GitHub] zeppelin pull request #2492: [ZEPPELIN-2775] Strict-Transport-Security and X...

GitHub user krishna-pandey opened a pull request: https://github.com/apache/zeppelin/pull/2492 [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Protection Headers ### What is this PR for? The HTTP Strict-Transport-Security response header (often abbreviated as HSTS

[GitHub] zeppelin issue #2494: Broken link on Apache Zeppelin website

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2494 I have also logged this issue as [ZEPPELIN-2783](https://issues.apache.org/jira/browse/ZEPPELIN-2783) --- If your project is set up for it, you can reply to this email and have your reply

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 @felixcheung Made the change as suggested. Also provided documentation for all HTTP Security Headers support we added recently (tested it locally). Let me know if I am still missing

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 @felixcheung Updated the documentation as per review. Let me know if any other changes are required. Thanks. --- If your project is set up for it, you can reply to this email and have

[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

GitHub user krishna-pandey opened a pull request: https://github.com/apache/zeppelin/pull/2293 [ZEPPELIN-2461] Masking Jetty Server version with User-configurable parameter ### What is this PR for? Security conscious organisations does not want to reveal the Application Server

[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

GitHub user krishna-pandey reopened a pull request: https://github.com/apache/zeppelin/pull/2293 [ZEPPELIN-2461] Masking Jetty Server version with User-configurable parameter ### What is this PR for? Security conscious organisations does not want to reveal the Application

[GitHub] zeppelin issue #2293: [ZEPPELIN-2461] Masking Jetty Server version with User...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2293 @prabhjyotsingh Jenkins job is successful. @Leemoonsoo, @felixcheung, @jongyoul Can you help review this? --- If your project is set up for it, you can reply to this email and have

[GitHub] zeppelin pull request #2293: [ZEPPELIN-2461] Masking Jetty Server version wi...

Github user krishna-pandey closed the pull request at: https://github.com/apache/zeppelin/pull/2293 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so

[GitHub] zeppelin issue #2589: [DOC] 0.7.3 release note

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2589 LGTM except minor comment. ---

Re: [VOTE] Release Apache Zeppelin 0.7.3 (RC3)

+1 Ran PySpark and Spark use-cases successfully. Also verified PGP, SHA-512 and MD5 signatures for all binaries. On Wed, Sep 13, 2017 at 6:52 PM, Mina Lee wrote: > I propose the following RC to be released for the Apache Zeppelin 0.7.3 > release. > > The commit id is

[GitHub] zeppelin issue #2621: [Minor] Remove hardcoded key in zeppelinhub.

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2621 LGTM. It seems we are using SecureRandom which does not require seed explicitly to initialise and hence hardcoded key can be removed, unless we intentionally wanted a deterministic

[GitHub] zeppelin issue #2564: [ZEPPELIN-2896] Replacing addHeader with setHeader met...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2564 @1ambda @Leemoonsoo Can you please help review this fix? As this is related to [ZEPPELIN-2775] which is getting shipped in 0.7.3, we may want to merge this now and get this as well

[GitHub] zeppelin issue #2564: [ZEPPELIN-2896] Replacing addHeader with setHeader met...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2564 @felixcheung IMHO, it happens coz we first hit the root Context Path and Jetty redirecting it later to the landing/welcome page i.e. index.html. These headers are duplicated only

[GitHub] zeppelin issue #2550: [MINOR] Updated shiro.ini.template to include secure c...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2550 LGTM! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so

[GitHub] zeppelin issue #2550: [MINOR] Updated shiro.init.template to include secure ...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2550 @VipinRathor Can you please update the description from "Updated shiro.init.template ..." to "Updated shiro.ini.template ...". --- If your project is set up f

[GitHub] zeppelin issue #2550: [MINOR] Updated shiro.ini.template to include secure c...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2550 @VipinRathor Also, I think it will be a good idea to mention an one-liner in the shiro.ini.template "Enable 'cookie.secure = true' only when Zeppelin is running on HTTPS" or

[GitHub] zeppelin pull request #2564: [ZEPPELIN-2896] Replacing addHeader with setHea...

GitHub user krishna-pandey opened a pull request: https://github.com/apache/zeppelin/pull/2564 [ZEPPELIN-2896] Replacing addHeader with setHeader method in CorsFilter.java ### What is this PR for? HTTP Response Headers were being added multiple times. Replacing addHeader method

[GitHub] zeppelin issue #2564: [ZEPPELIN-2896] Replacing addHeader with setHeader met...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2564 @1ambda, @Leemoonsoo, @felixcheung, @jongyoul, @prabhjyotsingh Please help review this. ---

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 @1ambda What's the value you are providing for "zeppelin.server.xxss.protection" property. It can take three possible values "0", "1" or "1; mode=bloc

[GitHub] zeppelin issue #2492: [ZEPPELIN-2775] Strict-Transport-Security and X-XSS-Pr...

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2492 @1ambda I am able to reproduce the issue, seems like the value is getting repeated. It turns out that all Headers are being set multiple times. I have created an issue (ZEPPELIN-2896

Re: [DISCUSS] Release 0.7.3

+1 On Tue, Aug 29, 2017 at 12:28 PM, Prabhjyot Singh wrote: > Hi, > > Since 0.7.2 release, we have resolved 22 issues and that includes most of > the critical issues in 0.7.3 umbrella issue [1]. > > With these bugs fixes, it makes Zeppelin moves towards stability,

[GitHub] zeppelin pull request #2564: [ZEPPELIN-2896] Replacing addHeader with setHea...

GitHub user krishna-pandey reopened a pull request: https://github.com/apache/zeppelin/pull/2564 [ZEPPELIN-2896] Replacing addHeader with setHeader method in CorsFilter.java ### What is this PR for? HTTP Response Headers were being added multiple times. Replacing addHeader

[GitHub] zeppelin pull request #2564: [ZEPPELIN-2896] Replacing addHeader with setHea...

Github user krishna-pandey closed the pull request at: https://github.com/apache/zeppelin/pull/2564 ---

[GitHub] zeppelin issue #2621: [Minor] Remove hardcoded key in zeppelinhub.

Github user krishna-pandey commented on the issue: https://github.com/apache/zeppelin/pull/2621 We need to consider below while removing the key. Are we relying on any such behaviour by specifying the seed value? "If two instances of Random are created with the same

Re: [ANNOUNCE] Apache Zeppelin 0.8.0 released

Awesome. Lots of new feature made it's way in this release. Kudos to all contributors. Thanks, Krishna Pandey On Thu, Jun 28, 2018 at 2:10 PM Chaoran Yu wrote: > Thanks Jeff for preparing the release. > > But the Docker image for 0.8.0 is failing: > https://hub.docker.com/r/apa

[jira] [Created] (ZEPPELIN-2765) Configurable X-FRAME-OPTIONS for Zeppelin

Krishna Pandey created ZEPPELIN-2765: Summary: Configurable X-FRAME-OPTIONS for Zeppelin Key: ZEPPELIN-2765 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2765 Project: Zeppelin

[jira] [Created] (ZEPPELIN-2783) Broken link at Apache Zeppelin website's Contributions page

Krishna Pandey created ZEPPELIN-2783: Summary: Broken link at Apache Zeppelin website's Contributions page Key: ZEPPELIN-2783 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2783 Project

[jira] [Created] (ZEPPELIN-2775) Add configurable Strict-Transport-Security and X-XSS-Protection Headers

Krishna Pandey created ZEPPELIN-2775: Summary: Add configurable Strict-Transport-Security and X-XSS-Protection Headers Key: ZEPPELIN-2775 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2775

[jira] [Created] (ZEPPELIN-2461) Masking Jetty Server version with User-configurable parameter

Krishna Pandey created ZEPPELIN-2461: Summary: Masking Jetty Server version with User-configurable parameter Key: ZEPPELIN-2461 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2461 Project

[jira] [Created] (ZEPPELIN-2896) HTTP Response headers are being set multiple times

Krishna Pandey created ZEPPELIN-2896: Summary: HTTP Response headers are being set multiple times Key: ZEPPELIN-2896 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2896 Project: Zeppelin

[jira] [Created] (ZEPPELIN-4584) Default error page for Zeppelin masking Jetty Server version

Krishna Pandey created ZEPPELIN-4584: Summary: Default error page for Zeppelin masking Jetty Server version Key: ZEPPELIN-4584 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4584 Project

[jira] [Created] (ZEPPELIN-4723) Configure Security Features in Zeppelin to be enabled by default

Krishna Pandey created ZEPPELIN-4723: Summary: Configure Security Features in Zeppelin to be enabled by default Key: ZEPPELIN-4723 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4723 Project

[jira] [Created] (ZEPPELIN-4724) Zeppelin Documentation link in top menubar is broken for 0.9.0-SNAPSHOT

Krishna Pandey created ZEPPELIN-4724: Summary: Zeppelin Documentation link in top menubar is broken for 0.9.0-SNAPSHOT Key: ZEPPELIN-4724 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4724