falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ying Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (FALCON-2082) Add CSRF filter for REST APIs
Date Wed, 20 Jul 2016 01:24:20 GMT

    [ https://issues.apache.org/jira/browse/FALCON-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385160#comment-15385160
] 

Ying Zheng edited comment on FALCON-2082 at 7/20/16 1:23 AM:
-------------------------------------------------------------

Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty header and CSRF
filter enabled that GET methods get accepted while POST methods are rejected as expected.
See attached picture. If we use RestCsrfPreventionFilter, it requires us to upgrade Hadoop
version to 2.8.0. Let me know if there is any objection on this. Thank you!


was (Author: yzheng-hortonworks):
Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty header and CSRF
filter enabled that GET methods get accepted while POST methods are rejected as expected.
See attached picture. If we use RestCsrfPreventionFilter, it requires us to upgrade hadoop
version to 2.8.0. Let me know if there is any objection on this. Thank you!

> Add CSRF filter for REST APIs
> -----------------------------
>
>                 Key: FALCON-2082
>                 URL: https://issues.apache.org/jira/browse/FALCON-2082
>             Project: Falcon
>          Issue Type: Improvement
>            Reporter: Ying Zheng
>            Assignee: Ying Zheng
>         Attachments: Screen Shot 2016-07-19 at 4.54.29 PM.png
>
>
> A CSRF filter was added to Hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691).
This JIRA is to integrate this filter into Falcon REST API post methods.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message