[OOZIE-3312] Add support for HSTS - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.2.0
Component/s: security
Labels:
None

Description

As a security best practice we should add support for HSTS via oozie-site.xml in case of embedded Jetty.
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - this page is not available anymore

https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html

Maybe we should even make it enabled by default when SSL is configured.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OOZIE-3312-005.patch
11/Mar/19 08:48
6 kB
Kinga Marton
OOZIE-3312-004.patch
11/Mar/19 06:47
6 kB
Kinga Marton
OOZIE-3312-003.patch
08/Mar/19 13:41
6 kB
Kinga Marton
OOZIE-3312-002.patch
08/Mar/19 10:02
6 kB
Kinga Marton
OOZIE-3312-001.patch
07/Mar/19 15:28
6 kB
Kinga Marton

Issue Links

links to

Activity

People

Assignee:: Kinga Marton

Reporter:: Gézapeti

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Aug/18 09:14

Updated:: 09/Dec/19 08:54

Resolved:: 11/Mar/19 10:54