[IMPALA-12031] Add security-related HTTP headers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: Impala 4.2.0
Fix Version/s: Impala 4.3.0
Component/s: Frontend
Labels:
None

Epic Color:
ghx-label-1

Description

Add

Strict-Transport-Security: max-age=31536000; includeSubDomains when Impala serves HTTPS. Note that Impala's web server only serves HTTP or HTTPS, never both at once.
X-Content-Type-Options: nosniff. Impala does not provide any way to upload files.
Cache-control: no-store
to Impala's web UI to provide additional comfort for security folks.

Attachments

Activity

People

Assignee:: Michael Smith

Reporter:: Michael Smith

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Mar/23 18:20

Updated:: 03/Apr/23 16:42

Resolved:: 03/Apr/23 16:42