From: aengineer@apache.org To: common-commits@hadoop.apache.org Message-Id: <98184c5ba1c9494d880e004a25c8d381@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: hadoop git commit: HDFS-12158. Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection. Contributed by Mukul Kumar Singh. Date: Wed, 19 Jul 2017 17:45:19 +0000 (UTC) archived-at: Wed, 19 Jul 2017 17:45:23 -0000 Repository: hadoop Updated Branches: refs/heads/branch-2 979d37ae2 -> e0297ffbc HDFS-12158. Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection. Contributed by Mukul Kumar Singh. (cherry picked from commit 413b23eb04eee24275257ab462133e0818f87449) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/e0297ffb Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/e0297ffb Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/e0297ffb Branch: refs/heads/branch-2 Commit: e0297ffbc89e9f037d5f6a8c5874ce8794656e0c Parents: 979d37a Author: Anu Engineer Authored: Wed Jul 19 10:29:06 2017 -0700 Committer: Anu Engineer Committed: Wed Jul 19 10:42:28 2017 -0700 ---------------------------------------------------------------------- .../hdfs/server/namenode/SecondaryNameNode.java | 10 +++++++++ .../namenode/TestNameNodeHttpServerXFrame.java | 22 ++++++++++++++++++++ 2 files changed, 32 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/e0297ffb/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java index 1358f46..d31f5db 100644 
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java @@ -479,6 +479,16 @@ public class SecondaryNameNode implements Runnable, DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY, DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY); + final boolean xFrameEnabled = conf.getBoolean( + DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED, + DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED_DEFAULT); + + final String xFrameOptionValue = conf.getTrimmed( + DFSConfigKeys.DFS_XFRAME_OPTION_VALUE, + DFSConfigKeys.DFS_XFRAME_OPTION_VALUE_DEFAULT); + + builder.configureXFrame(xFrameEnabled).setXFrameOption(xFrameOptionValue); + infoServer = builder.build(); infoServer.setAttribute("secondary.name.node", this); infoServer.setAttribute("name.system.image", checkpointImage); http://git-wip-us.apache.org/repos/asf/hadoop/blob/e0297ffb/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java index 947e951..aaa713e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java 
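Review bot: The three added statements ahead of `builder.build()` wire the clickjacking header by hand for this one server, which is the pattern that let the Secondary NameNode ship without it (per the commit title). If the other HDFS web servers carry the same block, it would be safer to apply it once where `builder` is created (the call whose tail is the first context lines, presumably a shared helper), so a new HTTP endpoint cannot miss it. `xFrameOptionValue` is read and handed to `setXFrameOption` even when `xFrameEnabled` is false; assuming that setter validates the string, a typo in the value would still affect startup with the feature switched off, so guard the call or document the behaviour. A short comment such as `// Clickjacking defence: send X-Frame-Options on every info-server response unless disabled in config; must run before build().` would tell the next reader why the block sits here. The enclosing method starts and ends outside the hunk.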
@@ -18,6 +18,7 @@ package org.apache.hadoop.hdfs.server.namenode; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.http.HttpServer2; @@ -32,6 +33,7 @@ import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.MalformedURLException; import java.net.URL; +import java.net.URI; /** * A class to test the XFrameoptions of Namenode HTTP Server. We are not reusing @@ -94,4 +96,24 @@ public class TestNameNodeHttpServerXFrame { conn.connect(); return conn; } + + @Test + public void testSecondaryNameNodeXFrame() throws IOException { + Configuration conf = new HdfsConfiguration(); + FileSystem.setDefaultUri(conf, "hdfs://localhost:0"); + + SecondaryNameNode sn = new SecondaryNameNode(conf); + sn.startInfoServer(); + InetSocketAddress httpAddress = SecondaryNameNode.getHttpAddress(conf); + + URL url = URI.create("http://" + httpAddress.getHostName() + + ":" + httpAddress.getPort()).toURL(); + HttpURLConnection conn = (HttpURLConnection) url.openConnection(); + conn.connect(); + String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS"); + Assert.assertTrue("X-FRAME-OPTIONS is absent in the header", + xfoHeader != null); + Assert.assertTrue(xfoHeader.endsWith(HttpServer2.XFrameOption + .SAMEORIGIN.toString())); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-commits-help@hadoop.apache.org
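Review bot: `testSecondaryNameNodeXFrame` starts the `SecondaryNameNode` info server and opens an `HttpURLConnection` but releases neither, so the listener stays bound for the rest of the test JVM whether the assertions pass or fail; wrap the body in try/finally as sketched below. The test also pins only the default configuration. A case that sets `DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED` to false and asserts the header is absent, and one that sets `DFSConfigKeys.DFS_XFRAME_OPTION_VALUE` to a non-default value, would catch a regression where the new config reads are ignored. `Assert.assertNotNull` with a message is clearer than `assertTrue(... != null)`, and the second assertion should carry a message that prints the value actually received.

```java
    SecondaryNameNode sn = new SecondaryNameNode(conf);
    HttpURLConnection conn = null;
    try {
      sn.startInfoServer();
      // … unchanged: httpAddress lookup and URL construction …
      conn = (HttpURLConnection) url.openConnection();
      // … unchanged: connect() and read of the X-FRAME-OPTIONS header …
      Assert.assertNotNull("X-FRAME-OPTIONS is absent in the header", xfoHeader);
      Assert.assertTrue("unexpected X-FRAME-OPTIONS value: " + xfoHeader,
          xfoHeader.endsWith(HttpServer2.XFrameOption.SAMEORIGIN.toString()));
    } finally {
      // Release the socket and the bound listener even when an assertion fails.
      if (conn != null) {
        conn.disconnect();
      }
      sn.shutdown();
    }
```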