drill-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [drill] arina-ielchiieva commented on a change in pull request #2025: DRILL-7626: Add ability to set HTTP response headers
Date Sun, 15 Mar 2020 13:18:53 GMT
arina-ielchiieva commented on a change in pull request #2025: DRILL-7626: Add ability to set
HTTP response headers
URL: https://github.com/apache/drill/pull/2025#discussion_r392673072
 
 

 ##########
 File path: distribution/src/main/resources/drill-override-example.conf
 ##########
 @@ -176,6 +176,15 @@ drill.exec: {
           validatePeerCerts: false,
           # true if SSL wants client authentication.
           wantClientAuth: false
+        },
+        response: {
+          # any response headers with constant values may be configured like this
+          headers: {
+            "X-XSS-Protection": "1; mode=block",
+            "X-Content-Type-Options": "nosniff",
+            "Strict-Transport-Security": "max-age=31536000;includeSubDomains",
+            "Content-Security-Policy": "default-src https:; script-src 'unsafe-inline' https:;
style-src 'unsafe-inline' https:; font-src data: https:; img-src data: https:"
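
Review bot: The example `Content-Security-Policy` lists only the scheme source `https:` (plus `data:` for fonts and images) and never `'self'`, so if this block is copied into a deployment where the Web UI is served over plain HTTP, the page's own scripts, styles and images will not match any source and will be blocked. `Strict-Transport-Security` likewise only has an effect over HTTPS. Suggest a comment above `headers:` stating that these values assume SSL is enabled, or adding `'self'` to the source lists. Separately, `script-src 'unsafe-inline' https:` permits inline script and script from any HTTPS host, so the policy offers little protection against injected script; a one-line comment saying it is a permissive starting point would keep it from being read as a recommended baseline.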
 
 Review comment:
   Could you please create a Jira to remove inline from scripts and styles and leave a comment
here with reference to this Jira indicating why we have to allow inline for now. Thanks.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
