Supplying String instead of Int (required for Response Header)

2026-05-24 09:38:26 +00:00 · 2017-07-17 17:32:31 +05:30 · 2017-07-17 17:32:31 +05:30 · 754d2d71e5
commit 754d2d71e5
parent 468231cc65
2 changed files with 2 additions and 2 deletions
--- a/conf/zeppelin-site.xml.template
+++ b/conf/zeppelin-site.xml.template
@ -406,7 +406,7 @@
 <!--
 <property>
  <name>zeppelin.server.xxss.protection</name>
-  <value>1</value>
+  <value>1; mode=block</value>
  <description>The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. When value is set to 1 and a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).</description>
 </property>
 -->
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
@ -681,7 +681,7 @@ public class ZeppelinConfiguration extends XMLConfiguration {
    ZEPPELIN_SERVER_XFRAME_OPTIONS("zeppelin.server.xframe.options", "SAMEORIGIN"),
    ZEPPELIN_SERVER_JETTY_NAME("zeppelin.server.jetty.name", null),
    ZEPPELIN_SERVER_STRICT_TRANSPORT("zeppelin.server.strict.transport", "max-age=631138519"),
-    ZEPPELIN_SERVER_X_XSS_PROTECTION("zeppelin.server.xxss.protection", 1);
+    ZEPPELIN_SERVER_X_XSS_PROTECTION("zeppelin.server.xxss.protection", "1");

    private String varName;
    @SuppressWarnings("rawtypes")