[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Todd Lipcon has submitted this change and it was merged. Change subject: webserver: add X-Frame-Options header .. webserver: add X-Frame-Options header This adds a default 'DENY' header in order to prevent Kudu web pages from being put into cross-domain iframes. This can prevent clickjacking attacks, and generally considered a good idea for web security. See: https://www.owasp.org/index.php/Clickjacking Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Reviewed-on: http://gerrit.cloudera.org:8080/6215 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert(cherry picked from commit f6a1a60760296e7014d5d7b04ce68d0835721da8) Reviewed-on: http://gerrit.cloudera.org:8080/6233 Reviewed-by: Todd Lipcon --- M src/kudu/server/webserver-test.cc M src/kudu/server/webserver.cc M src/kudu/util/curl_util.cc M src/kudu/util/curl_util.h 4 files changed, 29 insertions(+), 12 deletions(-) Approvals: Todd Lipcon: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/6233 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Gerrit-PatchSet: 2 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Todd Lipcon Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon
[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Todd Lipcon has posted comments on this change. Change subject: webserver: add X-Frame-Options header .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/6233 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Todd LipconGerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon Gerrit-HasComments: No
[kudu-CR](branch-1.3.x) webserver: add X-Frame-Options header
Todd Lipcon has uploaded a new change for review. http://gerrit.cloudera.org:8080/6233 Change subject: webserver: add X-Frame-Options header .. webserver: add X-Frame-Options header This adds a default 'DENY' header in order to prevent Kudu web pages from being put into cross-domain iframes. This can prevent clickjacking attacks, and generally considered a good idea for web security. See: https://www.owasp.org/index.php/Clickjacking Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Reviewed-on: http://gerrit.cloudera.org:8080/6215 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert(cherry picked from commit f6a1a60760296e7014d5d7b04ce68d0835721da8) --- M src/kudu/server/webserver-test.cc M src/kudu/server/webserver.cc M src/kudu/util/curl_util.cc M src/kudu/util/curl_util.h 4 files changed, 29 insertions(+), 12 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/33/6233/1 -- To view, visit http://gerrit.cloudera.org:8080/6233 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie43ec476712c2574a4dc746dae6218f0a4195e09 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Todd Lipcon