incubator-livy icon indicating copy to clipboard operation
incubator-livy copied to clipboard

Published 20 hours ago verified publisher icon apache

[LIVY-785] Enable adding security related HTTP headers to responses

Open andrasbeni opened this issue 4 years ago • 0 comments

What changes were proposed in this pull request?

This change introduces a new configuration option livy.server.security-headers.enabled. When this property is set to true, the following security headers are added to HTTP responses by default:

  • X-XSS-Protection
  • X-Frame_options
  • X-Content-Type-Options

Also, adds content type information to all responses as required when using content type option nosniff

How was this patch tested?

Tested manually

andrasbeni avatar Aug 19 '20 07:08 andrasbeni