  1. Hadoop Common
  2. HADOOP-15457

Add Security-Related HTTP Response Header in WEBUIs.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.0
    • Component/s: None
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      As of today, the YARN web UI lacks certain security-related HTTP response headers. We are planning to add a few default ones and also add support for headers to be added via XML config. Planning to make the below two the defaults.

      • X-XSS-Protection: 1; mode=block
      • X-Content-Type-Options: nosniff

      Support for headers via config properties in core-site.xml will be along the lines below:

      <property>
          <name>hadoop.http.header.Strict_Transport_Security</name>
          <value>valHSTSFromXML</value>
      </property>

      A regex matcher will lift these properties and add them to the response headers when Jetty prepares the response.
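
The mapping described above, sketched as a small audit script that computes which headers a given core-site.xml would produce and flags a default being replaced. This is an added example, not code from the HADOOP-15457 patches; the property-name regex, the case-insensitive merge, and the rule that configured values replace the defaults are assumptions, and the sample core-site.xml is constructed.

```python
import re
import xml.etree.ElementTree as ET

# The two defaults named in the issue description.
DEFAULT_HEADERS = {
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}

# Assumed pattern: the issue only says "a regex matcher" picks these up.
HEADER_PROPERTY = re.compile(r"hadoop\.http\.header\.([A-Za-z0-9_-]+)")

# Constructed sample config (not taken from a real cluster).
SAMPLE_CORE_SITE = """<configuration>
  <property>
    <name>hadoop.http.header.Strict_Transport_Security</name>
    <value>valHSTSFromXML</value>
  </property>
  <property>
    <name>hadoop.http.header.x-xss-protection</name>
    <value>0</value>
  </property>
  <property>
    <name>hadoop.http.authentication.type</name>
    <value>simple</value>
  </property>
</configuration>"""

def effective_headers(core_site_xml):
    """Return (headers, overridden): defaults merged with config-supplied headers."""
    # Header names are case-insensitive in HTTP, so key the merge on lower case.
    merged = {name.lower(): (name, value) for name, value in DEFAULT_HEADERS.items()}
    overridden = []
    for prop in ET.fromstring(core_site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        match = HEADER_PROPERTY.fullmatch(name)
        if not match or not value:
            continue  # unrelated property, or nothing to send
        header = match.group(1)  # suffix used verbatim as the header name (assumption)
        previous = merged.get(header.lower())
        if previous and previous[1] != value:
            overridden.append(header)  # replaces a default or an earlier property
        merged[header.lower()] = (header, value)
    return dict(merged.values()), overridden

if __name__ == "__main__":
    print(effective_headers(SAMPLE_CORE_SITE))
```

Running it against a real core-site.xml shows at a glance whether a configured property has replaced one of the two defaults with a different value.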

        Attachments

        1. HADOOP-15457.001.patch
          10 kB
          Kanwaljeet Sachdev
        2. HADOOP-15457.002.patch
          10 kB
          Kanwaljeet Sachdev
        3. HADOOP-15457.003.patch
          10 kB
          Kanwaljeet Sachdev
        4. HADOOP-15457.004.patch
          8 kB
          Kanwaljeet Sachdev
        5. HADOOP-15457.005.patch
          8 kB
          Kanwaljeet Sachdev
        6. YARN-8198.001.patch
          7 kB
          Kanwaljeet Sachdev
        7. YARN-8198.002.patch
          7 kB
          Kanwaljeet Sachdev
        8. YARN-8198.003.patch
          7 kB
          Kanwaljeet Sachdev
        9. YARN-8198.004.patch
          12 kB
          Kanwaljeet Sachdev
        10. YARN-8198.005.patch
          12 kB
          Kanwaljeet Sachdev


            People

            • Assignee:
              kanwaljeets Kanwaljeet Sachdev
              Reporter:
              kanwaljeets Kanwaljeet Sachdev