GitHub user atomicpages opened a pull request:
https://github.com/apache/zeppelin/pull/3141
Adding CSP header
### What is this PR for?
Exposing CSP headers in Zeppelin. Sometimes enterprises might not want to
set `X-Frame-Options` due to security concerns and chrome not supporting
`ALLOWED-FROM` directive. Using CSP solves both problems.
### What type of PR is it?
* Improvement
* Documentation
### Todos
* None
### What is the Jira issue?
* ZEPPELIN-3714
### How should this be tested?
* First time? Setup Travis CI as described on
https://zeppelin.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed
behavior
* Outline any manual steps to test the PR here.
### Screenshots (if appropriate)
### Questions:
* No license change is required
* No breaking change for older versions
* Docs have already been updated
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/atomicpages/zeppelin master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/3141.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3141
----
commit f5026c058f0ba8113b8a6e9d702bb0c9305d2e9e
Author: Dennis Thompson <djthomps@...>
Date: 2018-08-15T15:41:59Z
Adding CSP header
----
---
