Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-25159

http.strict-transport-security change does not take affect in 2.7.x

    XMLWordPrintableJSON

Details

    Description

      Updating the below configurations does not take affect in Ambari 2.7.x version

      http.strict-transport-security=max-age=0
      views.http.strict-transport-security=max-age=0
      

      After setting the above configurations still API response gives below max-age headers.

      Strict-Transport-Security: max-age=31536000 ; includeSubDomains
      

      I see AmbariServerSecurityHeaderFilter.java setting the correctly defined params but later somehow it is going to default value.

      This works fine in 2.6.x versions.

      Attachments

        Activity

          People

            mpapirkovskyy Papirkovskyy Myroslav
            apappu@hortonworks.com amarnath reddy pappu
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 3h
                3h