Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
Description
The web UIs do not include the "X-Frame-Options" header to prevent the pages from being framed from another site.
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Attachments
Attachments
Issue Links
- is superceded by
-
HADOOP-13008 Add XFS Filter for UIs to Hadoop Common
- Resolved
- relates to
-
HADOOP-13008 Add XFS Filter for UIs to Hadoop Common
- Resolved