Is your Zeppelin exposed to the internet? If not, I don't see why this should be an issue if it's behind the firewall?
On Wed, 12 Dec, 2018, 03:57 Bicky Ealias <bickyeal...@gmail.com> wrote:
> Checking again.. Has anyone got a chance to fix CORS issue on Zeppelin?
>
> On Wed., 5 Dec. 2018, 5:55 pm Bicky Ealias <bickyeal...@gmail.com> wrote:
>
>> Hello users,
>> Has anyone succeeded in hardening Zeppelin against CORS vulnerability?
>> ---------- Forwarded message ---------
>>
>> *From: *Jeff Zhang <zjf...@gmail.com>
>> *Date: *Tuesday, 4 December 2018 at 5:05 pm
>> *To: *"Ealias, Bicky" <bicky.eal...@cba.com.au>
>> *Subject: *Re: CORS policy in Zeppelin
>>
>> Sorry, I don't know about this, could you ask this in zeppelin user mail list?
>>
>> Ealias, Bicky <bicky.eal...@cba.com.au> wrote on Tuesday, 4 December 2018 at 10:55 am:
>>
>> Hi Jeff,
>>
>> Hope you are doing well.
>>
>> Recently we had penetration testing done on Zeppelin, and one vulnerability that came forward is an issue with Zeppelin's HTML2 CORS policy.
>>
>> We are on version 0.8.0. I added these configurations as per the documentation:
>>
>> https://zeppelin.apache.org/docs/0.8.0/setup/security/http_security_headers.html
>>
>> But still that doesn't seem to fix the issue.
>>
>> https://issues.apache.org/jira/browse/ZEPPELIN-245 I see this ticket, but the comment says it's fixed in 0.6.0 already.
>>
>> ..Are there some other settings I can change?
>>
>> *CommonwealthBank*
>>
>> Bicky Ealias
>> Analytics & Information
>> Level 17, 255 Pitt St, Sydney NSW 2000
>> M: 0406949642
>> E: bicky.eal...@cba.com.au
>>
>> *Our vision…To excel at securing and enhancing the **financial wellbeing** of people, businesses and communities.*
>>
>> ************** IMPORTANT MESSAGE *****************************
>> This e-mail message is intended only for the addressee(s) and contains information which may be confidential.
>> If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124 AFSL and Australian credit licence 234945) or its subsidiaries.
>> We can be contacted through our web site: commbank.com.au.
>> If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line.
>> **************************************************************
>>
>> --
>>
>> Best Regards
>>
>> Jeff Zhang
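One way to check whether the CORS hardening actually took effect, added here as an example and not code from this thread or from the Zeppelin project: send a request carrying an Origin that is not on the configured allow-list and classify the CORS headers in the reply. The probe path `/api/version`, the default port and the origins used are assumptions, and the sample responses are constructed.

```python
import urllib.request
from urllib.error import URLError

# Constructed probe origin, deliberately not one you would put on the allow-list.
PROBE_ORIGIN = "https://not-allowed.example"


def classify_cors(origin_sent, headers):
    """Classify a response's CORS headers relative to the Origin that was sent.

    headers: mapping of response header name -> value (looked up case-insensitively).
    Returns 'reflects-origin-with-credentials', 'reflects-origin', 'wildcard',
    'restricted' or 'no-cors'. Anything but 'restricted' / 'no-cors' for an
    origin outside the allow-list means the hardening is not effective.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        return "wildcard"
    if acao == origin_sent:
        return "reflects-origin-with-credentials" if creds else "reflects-origin"
    return "restricted"


def probe(base_url, path="/api/version", origin=PROBE_ORIGIN, timeout=5):
    """Send one GET with a foreign Origin to a live server and classify the answer."""
    req = urllib.request.Request(base_url.rstrip("/") + path, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_cors(origin, dict(resp.headers.items()))
    except URLError as exc:
        return f"error: {exc}"


# Constructed sample replies to a request carrying Origin: https://not-allowed.example,
# as an unhardened and a hardened server might answer (not captured from any real host).
SAMPLES = {
    "unhardened": {"Access-Control-Allow-Origin": "https://not-allowed.example",
                   "Access-Control-Allow-Credentials": "true"},
    "hardened": {"Access-Control-Allow-Origin": "https://notebooks.corp.example"},
}

if __name__ == "__main__":
    import sys
    # Zeppelin listens on 8080 by default; pass another base URL as the first argument.
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"))
```

An origin that is on the allow-list is expected to be echoed back, so the probe only tells you something when the Origin it sends is one the server should reject.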