diff --git a/conf/openmetadata.yaml b/conf/openmetadata.yaml
index 877ed16ca24..7b6bb9804cb 100644
--- a/conf/openmetadata.yaml
+++ b/conf/openmetadata.yaml
@@ -306,6 +306,18 @@ applicationConfig:
accessBlockTime: ${OM_LOGIN_ACCESS_BLOCK_TIME:-600}
jwtTokenExpiryTime: ${OM_JWT_EXPIRY_TIME:-3600}
-changeEventConfig:
- omUri: ${OM_URI:- "http://localhost:8585"} #openmetadata in om uri for eg http://loclhost:8585
+
+web:
+ uriPath: /api
+ hsts:
+ enabled: true
+ frame-options:
+ enabled: true
+ content-type-options:
+ enabled: true
+ xss-protection:
+ enabled: true
+
+changeEventConfig:
+ omUri: ${OM_URI:- "http://localhost:8585"} #openmetadata in om uri for eg http://localhost:8585
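Review bot: With `uriPath: /api` the header filters look to be scoped to the API routes only, so the UI pages served from the root path would likely not receive `X-Frame-Options` or the other headers, even though HTML pages are where clickjacking protection matters. Please confirm how dropwizard-web applies this prefix and consider `uriPath: /` if it does limit the filters. The `xss-protection` block turns on a header that current browsers ignore and that OWASP advises disabling or omitting in favour of a Content-Security-Policy, so I would drop it rather than enable it. HSTS is only honoured over HTTPS, so with the default `http://localhost:8585` it has no effect, and once TLS is enabled browsers will pin the host for the library's default max-age. Unlike the neighbouring settings, none of these toggles are overridable through `${...:-default}` environment variables, which makes a per-deployment opt-out harder.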
diff --git a/openmetadata-service/pom.xml b/openmetadata-service/pom.xml
index 2513001b8c0..62e26e2b889 100644
--- a/openmetadata-service/pom.xml
+++ b/openmetadata-service/pom.xml
@@ -231,6 +231,11 @@
${awssdk.version}
+
+ io.dropwizard.modules
+ dropwizard-web
+
+
software.amazon.awssdk
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java
index 14a65c78a32..a8ceb344dec 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplication.java
@@ -29,6 +29,8 @@ import io.dropwizard.lifecycle.Managed;
import io.dropwizard.server.DefaultServerFactory;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
+import io.dropwizard.web.WebBundle;
+import io.dropwizard.web.conf.WebConfiguration;
import io.federecio.dropwizard.swagger.SwaggerBundle;
import io.federecio.dropwizard.swagger.SwaggerBundleConfiguration;
import io.socket.engineio.server.EngineIoServerOptions;
@@ -274,6 +276,13 @@ public class OpenMetadataApplication extends Application() {
+ @Override
+ public WebConfiguration getWebConfiguration(final OpenMetadataApplicationConfig configuration) {
+ return configuration.getWebConfiguration();
+ }
+ });
super.initialize(bootstrap);
}
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java
index 493023194b2..42f58700843 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/OpenMetadataApplicationConfig.java
@@ -17,6 +17,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.Configuration;
import io.dropwizard.db.DataSourceFactory;
import io.dropwizard.health.conf.HealthConfiguration;
+import io.dropwizard.web.conf.WebConfiguration;
import io.federecio.dropwizard.swagger.SwaggerBundleConfiguration;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
@@ -96,6 +97,11 @@ public class OpenMetadataApplicationConfig extends Configuration {
@JsonProperty("email")
private SmtpSettings smtpSettings;
+ @Valid
+ @NotNull
+ @JsonProperty("web")
+ private WebConfiguration webConfiguration = new WebConfiguration();
+
@JsonProperty("changeEventConfig")
private ChangeEventConfiguration changeEventConfiguration;
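Review bot: The initializer `new WebConfiguration()` on the new `webConfiguration` field means a deployment upgraded with an existing openmetadata.yaml that has no `web:` section still passes `@NotNull` and starts on the library defaults. I believe those defaults leave every header disabled, so the hardening would be silently absent; please verify against dropwizard-web 1.5.1. I would document this above the field, e.g. `// Falls back to dropwizard-web defaults when "web" is missing from the YAML; headers are only sent if enabled there.`, and log at startup which headers are active. The class body continues outside the hunk, and the accessor that `getWebConfiguration()` in OpenMetadataApplication relies on is not visible here.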
diff --git a/pom.xml b/pom.xml
index cc43fad9c18..4931d6b054d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -148,6 +148,7 @@
1.8.0
2.5.3
6.0.7
+ 1.5.1
@@ -232,6 +233,11 @@
jdbi3-core
${jdbi3.version}
+
+ io.dropwizard.modules
+ dropwizard-web
+ ${dropwizard-web.version}
+
commons-cli
commons-cli