mirror of
https://github.com/apache/nifi.git
synced 2025-02-07 18:48:51 +00:00
e16a6c2b89
- Replaced use of Authorization header with custom Request-Token header for CSRF mitigation - Added Request-Token cookie for CSRF mitigation - Replaced session storage of JWT with expiration in seconds - Removed and disabled CORS configuration - Disabled HTTP OPTIONS method - Refactored HTTP Proxy URI construction using RequestUriBuilder Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes #5417.