Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21986

HiveServer Web UI: Setting the Strict-Transport-Security in default response header

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 4.0.0
    • Component/s: HiveServer2
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently, HiveServer UI HTTP response header doesn't have Strict-Transport-Security set so will be adding this to default header.

      expected response after patch:

      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2019 22:47:34 GMT
      Content-Type: text/html;charset=utf-8
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      X-FRAME-OPTIONS: SAMEORIGIN
      X-XSS-Protection: 1; mode=block
      Set-Cookie: JSESSIONID=fby9p6p5olb12xui7kj93uys;Path=/;HttpOnly
      Expires: Thu, 01 Jan 1970 00:00:00 GMT
      Content-Length: 3824
      Server: Jetty(9.3.25.v20180904)
      

        Attachments

        1. HIVE-21986.01.patch
          2 kB
          Rajkumar Singh
        2. HIVE-21986.02.patch
          2 kB
          Rajkumar Singh
        3. HIVE-21986.03.patch
          2 kB
          Rajkumar Singh
        4. HIVE-21986.patch
          1 kB
          Rajkumar Singh

          Activity

            People

            • Assignee:
              Rajkumar Singh Rajkumar Singh
              Reporter:
              Rajkumar Singh Rajkumar Singh
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: