mirror of
https://github.com/apache/zeppelin
synced 2026-05-24 09:38:26 +00:00
Configurable X-FRAME-OPTIONS for Zeppelin
parent
985b86e4d2
commit
518f1a4a21
3 changed files with 15 additions and 0 deletions
|
|
@ -388,5 +388,12 @@
|
|||
<description>Hardcoding Application Server name to Prevent Fingerprinting</description>
|
||||
</property>
|
||||
-->
|
||||
<!--
|
||||
<property>
|
||||
<name>zeppelin.server.xframe.options</name>
|
||||
<value>SAMEORIGIN</value>
|
||||
<description>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame/iframe/object.</description>
|
||||
</property>
|
||||
-->
|
||||
|
||||
</configuration>
|
||||
|
|
|
|||
|
|
@ -80,6 +80,7 @@ public class CorsFilter implements Filter {
|
|||
DateFormat fullDateFormatEN =
|
||||
DateFormat.getDateTimeInstance(DateFormat.FULL, DateFormat.FULL, new Locale("EN", "en"));
|
||||
response.addHeader("Date", fullDateFormatEN.format(new Date()));
|
||||
response.addHeader("X-FRAME-OPTIONS", ZeppelinConfiguration.create().getXFrameOptions());
|
||||
}
|
||||
|
||||
@Override
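Review bot: The configured value is written to the `X-FRAME-OPTIONS` header unchecked on the added `response.addHeader(...)` line, so a misspelt or empty setting yields a header that browsers ignore and the framing restriction is silently lost. Consider normalising the value and checking it against `DENY` and `SAMEORIGIN` once at startup, logging a warning and falling back to `SAMEORIGIN` when it matches neither. `ZeppelinConfiguration.create()` is also called for every response here; if that call is not cached, reading the setting once in the filter's `init` and keeping it in a field would avoid the repeated lookup. The enclosing method starts outside the hunk.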
|
||||
|
|
|
|||
|
|
@ -510,6 +510,12 @@ public class ZeppelinConfiguration extends XMLConfiguration {
|
|||
return getString(ConfVars.ZEPPELIN_SERVER_JETTY_NAME);
|
||||
}
|
||||
|
||||
|
||||
public String getXFrameOptions() {
|
||||
return getString(ConfVars.ZEPPELIN_SERVER_XFRAME_OPTIONS);
|
||||
}
|
||||
|
||||
|
||||
public Map<String, String> dumpConfigurations(ZeppelinConfiguration conf,
|
||||
ConfigurationKeyPredicate predicate) {
|
||||
Map<String, String> configurations = new HashMap<>();
|
||||
|
|
@ -664,6 +670,7 @@ public class ZeppelinConfiguration extends XMLConfiguration {
|
|||
ZEPPELIN_CREDENTIALS_PERSIST("zeppelin.credentials.persist", true),
|
||||
ZEPPELIN_WEBSOCKET_MAX_TEXT_MESSAGE_SIZE("zeppelin.websocket.max.text.message.size", "1024000"),
|
||||
ZEPPELIN_SERVER_DEFAULT_DIR_ALLOWED("zeppelin.server.default.dir.allowed", false),
|
||||
ZEPPELIN_SERVER_XFRAME_OPTIONS("zeppelin.server.xframe.options", "SAME-ORIGIN"),
|
||||
ZEPPELIN_SERVER_JETTY_NAME("zeppelin.server.jetty.name", null);
|
||||
|
||||
private String varName;
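Review bot: The default for `ZEPPELIN_SERVER_XFRAME_OPTIONS` in the `ConfVars` enum is `"SAME-ORIGIN"`, which is not a token browsers recognise for X-Frame-Options; the defined values are `DENY` and `SAMEORIGIN`, and the site template in this same commit uses `SAMEORIGIN`. Because the template property is commented out, an unconfigured server would presumably send the hyphenated default, browsers would discard the header, and pages would remain framable by any origin. The line should read `ZEPPELIN_SERVER_XFRAME_OPTIONS("zeppelin.server.xframe.options", "SAMEORIGIN"),`. A short Javadoc on `getXFrameOptions()` naming the accepted values would also help whoever edits the setting. The enum and the class body continue outside the hunks shown.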
|
||||
|
|
|
|||