falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ying Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-2082) Add CSRF filter for REST APIs
Date Wed, 20 Jul 2016 01:23:20 GMT

    [ https://issues.apache.org/jira/browse/FALCON-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385160#comment-15385160
] 

Ying Zheng commented on FALCON-2082:
------------------------------------

Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty header and CSRF
filter enabled that GET methods get accepted while POST methods are rejected as expected.
See attached picture. If we use RestCsrfPreventionFilter, it requires us to upgrade hadoop
version to 2.8.0. Let me know if there is any objection on this. Thank you!

> Add CSRF filter for REST APIs
> -----------------------------
>
>                 Key: FALCON-2082
>                 URL: https://issues.apache.org/jira/browse/FALCON-2082
>             Project: Falcon
>          Issue Type: Improvement
>            Reporter: Ying Zheng
>            Assignee: Ying Zheng
>         Attachments: Screen Shot 2016-07-19 at 4.54.29 PM.png
>
>
> A CSRF filter was added to Hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691).
This JIRA is to integrate this filter into Falcon REST API post methods.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message