Skip to content

Commit

Permalink
Set X-Frame-Options: SAMEORIGIN to protect against frame-related vuln…
Browse files Browse the repository at this point in the history 
…erability
  • Loading branch information
@srowen
srowen committed Sep 14, 2015
1 parent d815654 commit 70da85b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions core/src/main/scala/org/apache/spark/ui/JettyUtils.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,8 @@ private[spark] object JettyUtils extends Logging {
response.setStatus(HttpServletResponse.SC_OK)
val result = servletParams.responder(request)
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate")
// SPARK-10589 avoid frame-related click-jacking vulnerability
response.setHeader("X-Frame-Options", "SAMEORIGIN")
// scalastyle:off println
response.getWriter.println(servletParams.extractFn(result))
// scalastyle:on println
Expand Down

0 comments on commit 70da85b

Please sign in to comment.