Build #4,593

License check with RAT and Checkstyle

Code commits


  • Ajai

    Ajai 0f5d1977c179d0bb85b545daa3fead3ff95e22fd

    Merge pull request #11516 from cdapio/bugfix-ui/add-hsts-header
    Add HSTS header for TLS enabled CDAP environments

  • Ajai Narayan

    Ajai Narayan 027137c65938a97d0313994c9f15a4eaebf9d606

    [UI] Add HSTS header for TLS enabled CDAP environments
      - Adds hsts npm module
      - Adds HTTP Strict Transport Security as express middleware. This will ensure the clients using CDAP UI
        will use TLS enabled UI for the max-age we specified. As soon as the browser sees the hsts in the header,
        it will make sure the TLS enabled CDAP UI gets used until the max age specified.

    This is a safe change when CDAP UI by default gets served in a non-TLS enabled environment (meaning only http).

    This is, however, not safe when clients change from https to http. Then the browser will try to go to https until the
    max-age and will probably error out. Since downgrading to non-TLS enabled CDAP UI is not standard, we are making this
    change for now.

    • cdap-ui/package.json (version 027137c65938a97d0313994c9f15a4eaebf9d606)
    • cdap-ui/server/express.js (version 027137c65938a97d0313994c9f15a4eaebf9d606)
    • cdap-ui/server/url-helper.js (version 027137c65938a97d0313994c9f15a4eaebf9d606)
    • cdap-ui/yarn.lock (version 027137c65938a97d0313994c9f15a4eaebf9d606)