[HIVE-21986] HiveServer Web UI: Setting the Strict-Transport-Security in default response header - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: 4.0.0-alpha-1
Component/s: HiveServer2
Labels:
None

Hadoop Flags:

Reviewed

Description

Currently, HiveServer UI HTTP response header doesn't have Strict-Transport-Security set so will be adding this to default header.

expected response after patch:

HTTP/1.1 200 OK
Date: Wed, 10 Jul 2019 22:47:34 GMT
Content-Type: text/html;charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: JSESSIONID=fby9p6p5olb12xui7kj93uys;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3824
Server: Jetty(9.3.25.v20180904)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-21986.patch
10/Jul/19 22:53
1 kB
Rajkumar Singh
HIVE-21986.01.patch
11/Jul/19 22:18
2 kB
Rajkumar Singh
HIVE-21986.02.patch
13/Jul/19 23:11
2 kB
Rajkumar Singh
HIVE-21986.03.patch
16/Jul/19 03:58
2 kB
Rajkumar Singh

Activity

People

Assignee:: Rajkumar Singh

Reporter:: Rajkumar Singh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Jul/19 22:51

Updated:: 17/Nov/22 08:51

Resolved:: 17/Jul/19 18:41