Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
The NiFi Jetty Server uses the following custom Servlet Filters to apply standard security-related HTTP response headers:
- ContentSecurityPolicyFilter
- StrictTransportSecurityFilter
- XContentTypeOptionsFilter
- XFrameOptionsFilter
- XSSProtectionFilter
Spring Security includes a standard HeaderWriterFilter with standard writers for all of these response headers. Replacing multiple Servlet Filters with a single Filter simplifies the filter chain invocation for all HTTP requests and provides the same response headers.
Attachments
Issue Links
- causes
-
NIFI-10284 HTTP Request Log Missing Authenticated User
- Resolved
- links to