Http response header configuration is not working in Kafka rest proxy and schema registry
We are using confluent platform 5.3.1 community edition.
Recently as part of security scan we have got missing http header (X-XSS-Protection,X-Content-Type-Options) security vulnerability for Kafka rest proxy and schema registry services.
As per the confluent documentation, we can add response.http.headers.config property in the config to add/set the required header.
https://docs.confluent.io/platform/current/kafka-rest/production-deployment/rest-proxy/config.html https://docs.confluent.io/platform/current/schema-registry/installation/config.html
We have added the config in the respective configuration file and restarted the services.
Lines added in the config
Rest proxy
response.http.headers.config=add X-XSS-Protection: 1; mode=block, add X-Content-Type-Options: nosniff
Schema Registry
response.http.headers.config="add Cache-Control: no-cache, no-store, must-revalidate", add X-XSS-Protection: 1; mode=block, add Strict-Transport-Security: max-age=31536000; includeSubDomains, add X-Content-Type-Options: nosniff
After restarting the services, we expected to receive additional http response headers in the response, but still we aren't getting those headers.
Request: Get: http://xxxx:8082/
Response Headers
Any suggestion to get those missing headers in the response.? Thanks in Advance
After checking the source code of Confluent rest proxy. Identified that this property (response.http.headers.config) is added in confluent platform 6.0.x. So the platform need to be updated to use this property.
Reference: https://cwiki.apache.org/confluence/display/KAFKA/KIP+577%3A+Allow+HTTP+Response+Headers+to+be+Configured+for+Kafka+Connect https://docs.confluent.io/platform/current/release-notes/changelog.html https://github.com/confluentinc/rest-utils/blob/6.0.x/core/src/main/java/io/confluent/rest/RestConfig.java
- What's the difference between RabbitMQ and kafka?
- Unknown feature gate KafkaNodePools found in the configuration
- Kafka max.request.size VS compression.type
- Kafka Streams with state store and Forward compatibility
- Why Debezium Mongo Source Kafka Connector produces string `after` field instead of a Json Object?
- what is bootstrap-server in kafka config?
- One to One and Group Messaging using Kafka
- Spring Cloud Stream Multi Cluster and Multi Input Bindings from a Single Consumer
- Kafka DefaultErrorHandler Seek to current after exception
- PySpark: How To Deserialise A Proto Payload From A Kafka Message With Variable Message Type
- How docker map env variable to kafka broker variable?
- Issues with RabbitMQ Source Connector Configuration - java.io.IOException Errors with SSL
- Can't migrate old data from zookeeper cluster to KRaft cluster via MirrorMaker2
- Handling bad messages using Kafka's Streams API
- How can I access Confluent Cloud Schema Registry using KafkIO?
- Running Kafka on Windows 10 fails: The system cannot find the path specified
- Is key required as part of sending messages to Kafka?
- Why do we need Outbox pattern with Kafka
- Get the latest offsets in SSL Enabled Kafka via CMD
- Kafka: Consumer API vs Streams API
- Understanding Kafka Topics and Partitions
- Spring Kafka, overriding max.poll.interval.ms?
- KafkaAvroSerializer for serializing Avro without schema.registry.url
- Transactional outbox distributed lock fencing confusion
- Ad-Hoc Snapshot with Debezium SQL Server Source Connector using Kafka Signal doesn't work
- Need to run kafka-storage.sh on every broker and controller
- Consumer gives "This server does not host this topic-partition" error
- Kafka producer callback Exception
- ModuleNotFoundError: No module named 'kafka.vendor.six.moves' in Dockerized Django Application
- problems with Schema Registry associated with Azure Event Hub from KafkaConnect using Strimzi