

Merge pull request #1088 from cdapio/cherry-pick/6.9-CDAP-20760
[Cherry Pick] 6.9.2-CDAP-20760
sumengwang authored Aug 7, 2023
2 parents 66fae23 + cbaef7b commit f4b1023
Showing 2 changed files with 15 additions and 5 deletions.
6 changes: 5 additions & 1 deletion server/config/development/cdap.json
Expand Up @@ -16,5 +16,9 @@
"session.secret.key": "sample-secret-key-for-encryption",
"feature.lifecycle.management.edit.enabled": "true",
"ui.analyticsTag": "",
"ui.GTM": ""
"ui.GTM": "",
"hsts.enabled": "false",
"hsts.max.age": 31536000,
"hsts.include.sub.domains": "true",
"hsts.preload": "true"
}
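Review bot: `"hsts.max.age": 31536000` is the only bare numeric value in this block; every neighbouring key, including the three new hsts flags, is a string, and the consumer in server/express.js runs the value through parseInt anyway. Quoting it, `"hsts.max.age": "31536000",`, keeps the file's string-typed convention so readers and the parsing code deal with one value type instead of two. A one-line comment in the commit description saying which non-development configs are expected to carry `hsts.enabled` would help, since the key's absence is what decides whether the header is sent.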
14 changes: 10 additions & 4 deletions server/express.js
Expand Up @@ -136,6 +136,11 @@ function makeApp(authAddress, cdapConfig, uiSettings) {

if (!isModeDevelopment()) {
const proxyBaseUrl = cdapConfig['dashboard.proxy.base.url'];
const hstsSettings = {
maxAge: parseInt(cdapConfig["hsts.max.age"]),
includeSubDomains: cdapConfig["hsts.include.sub.domains"] === 'true',
preload: cdapConfig["hsts.preload"] === 'true',
}
let cspWhiteListUrls = [];
if (proxyBaseUrl) {
cspWhiteListUrls.push(proxyBaseUrl);
Expand Down Expand Up @@ -181,10 +186,7 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
reportUri: `https://csp.withgoogle.com/csp/cdap`,
},
},
hsts: {
includeSubDomains: true,
preload: true,
},
hsts: cdapConfig["hsts.enabled"] === 'true' && hstsSettings,
// Hub icons are cross-origin but don't supply CORS headers
// TODO credentialless will also work but isn't supported by FF and Safari
crossOriginEmbedderPolicy: false
Expand Down Expand Up @@ -239,6 +241,10 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
ui: uiSettings['ui'],
k8sWorkloadIdentityEnabled: cdapConfig['master.environment.k8s.workload.identity.enabled'],
namespaceCreationHookEnabled: cdapConfig['namespaces.creation.hook.enabled'],
hstsEnabled: cdapConfig['hsts.enabled'],
hstsMaxAge: cdapConfig['hsts.max.age'],
hstsIncludeSubDomains: cdapConfig['hsts.include.sub.domains'],
hstsPreload: cdapConfig['hsts.preload'],
},
hydrator: {
previewEnabled: cdapConfig['enable.preview'] === 'true',
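Review bot: `maxAge: parseInt(cdapConfig["hsts.max.age"]),` in the first hunk has no radix and no fallback, so a missing or malformed `hsts.max.age` yields `NaN`; if the middleware is helmet (the option shape suggests it, not confirmed here), a non-finite maxAge is rejected when the app is built, and at best the header goes out with a broken value. Prefer `const hstsMaxAge = Number.parseInt(cdapConfig["hsts.max.age"], 10);` and `maxAge: Number.isFinite(hstsMaxAge) ? hstsMaxAge : 31536000,` (the value the development config uses) so a config typo cannot take the server down. Note also that `hsts: cdapConfig["hsts.enabled"] === 'true' && hstsSettings,` in the second hunk fails open: before this change HSTS was always set outside development mode, and now an environment whose cdap.json omits `hsts.enabled` silently stops sending the header, so either treat a missing key as enabled or confirm every non-development config sets it to `'true'`. A ternary, `hsts: cdapConfig["hsts.enabled"] === 'true' ? hstsSettings : false,`, would also make the disabled case explicit rather than relying on `&&` yielding `false`. makeApp starts and ends outside these hunks.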

