Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
NiFi Registry has a common set of filters that apply several standard security-related HTTP headers to responses. The Jetty Server configuration applies these headers to the Registry API and UI applications, but requests to the root path do not return these headers, which can be misleading to some automated security scanners. For a consistent approach, the security-related headers should be applied using a Jetty Handler that works for all requests and responses.
Attachments
Issue Links
- links to
