ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Nechiporenko (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-3758) Make Ambari Web changes for CSRF prevention
Date Wed, 13 Nov 2013 14:25:26 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-3758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Nechiporenko updated AMBARI-3758:
--------------------------------------

    Attachment: AMBARI-3758.patch

> Make Ambari Web changes for CSRF prevention
> -------------------------------------------
>
>                 Key: AMBARI-3758
>                 URL: https://issues.apache.org/jira/browse/AMBARI-3758
>             Project: Ambari
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.4.2
>            Reporter: Oleg Nechiporenko
>            Assignee: Oleg Nechiporenko
>             Fix For: 1.4.2
>
>         Attachments: AMBARI-3758.patch
>
>
> Basically, Ambari Web needs to pass the extra "X-Requested-By" HTTP header for *ALL*
POST, PUT, and DELETE calls.  No changes will be made to GET calls (though it is OK to pass
this extra HTTP header for GET calls if it's easier to implement that way).



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message