Build #4,593

License check with RAT and Checkstyle

Build result summary

Details

Completed
Duration
6 minutes
Labels
None
Agent
bamboo-agent15
Revision
0f5d1977c179d0bb85b545daa3fead3ff95e22fd 0f5d1977c179d0bb85b545daa3fead3ff95e22fd
Successful since
#4564 ()

Code commits

Author Commit Message Commit date
Ajai <1452845+ajainarayanan@users.noreply.github.com> Ajai <1452845+ajainarayanan@users.noreply.github.com> 0f5d1977c179d0bb85b545daa3fead3ff95e22fd 0f5d1977c179d0bb85b545daa3fead3ff95e22fd Merge pull request #11516 from cdapio/bugfix-ui/add-hsts-header
Add HSTS header for TLS enabled CDAP environments
Ajai Narayan Ajai Narayan 027137c65938a97d0313994c9f15a4eaebf9d606 027137c65938a97d0313994c9f15a4eaebf9d606 [UI]Add HSTS header for TLS enabled CDAP environments
  - Adds hsts npm module
  - Adds HTTP Strict Transport Security as express middleware. This will ensure the clients using CDAP UI
will use TLS enabled UI for the max-age we specified. As soon as the browser sees the hsts in the header
it will make sure the TLS enabled CDAP UI gets used until max age specified.

This is a safe change when CDAP UI by default gets served in non-TLS enabled environment (meaning only http)

This is however not safe when clients change from https to http. Then the browser will try to go to https until the
max-age and will probably error out. Since downgrading to non-TLS enabled CDAP UI is not standard we are making this
change for now.