Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 3.1.1
- None
- Reviewed
Description
Currently, the HiveServer UI HTTP response header doesn't have Strict-Transport-Security set, so will be adding this to the default header.
Expected response after patch:
HTTP/1.1 200 OK
Date: Wed, 10 Jul 2019 22:47:34 GMT
Content-Type: text/html;charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: JSESSIONID=fby9p6p5olb12xui7kj93uys;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3824
Server: Jetty(9.3.25.v20180904)
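One way to verify the patched behaviour is to audit a captured response head for a valid HSTS policy. The following is an added example, not code from the Hive patch: the function names, the constructed sample (a subset of the expected response above) and the one-year minimum for max-age are assumptions.

```python
import re

# Constructed sample: a subset of the expected response head from the description.
SAMPLE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "Server: Jetty(9.3.25.v20180904)\r\n"
)

def parse_headers(head):
    """Map lower-cased header names to lists of values (names are case-insensitive)."""
    headers = {}
    for line in head.splitlines()[1:]:           # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_hsts(value):
    """Parse an HSTS value per RFC 6797 section 6.1; return None if invalid."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()              # directive names are case-insensitive
        if name in directives:                   # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                              # max-age is required and must be digits
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def audit_hsts(head, min_age=31536000):          # min_age: assumed policy, one year
    """Return a list of findings; an empty list means the policy passes."""
    values = parse_headers(head).get("strict-transport-security", [])
    if not values:
        return ["Strict-Transport-Security header missing"]
    policy = parse_hsts(values[0])               # user agents process only the first field
    if policy is None:
        return ["Strict-Transport-Security value is malformed"]
    findings = []
    if policy["max_age"] < min_age:
        findings.append("max-age %d is below %d" % (policy["max_age"], min_age))
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings
```

Browsers honour this header only when it arrives over HTTPS, so the audit is meaningful for responses captured from the TLS-enabled UI endpoint.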