hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-14908) CrossOriginFilter should trigger regex on more input
Date Tue, 26 Sep 2017 20:41:00 GMT
Allen Wittenauer created HADOOP-14908:
-----------------------------------------

             Summary: CrossOriginFilter should trigger regex on more input
                 Key: HADOOP-14908
                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
             Project: Hadoop Common
          Issue Type: Bug
          Components: common, security
    Affects Versions: 3.0.0-beta1
            Reporter: Allen Wittenauer


Currently,  CrossOriginFilter.java limits regex matching only if there is an asterisk (*)
in the config.

{code}
if (allowedOrigin.contains("*")) {
{code}

This means that entries such as:

{code}
http?://foo.example.com
https://[a-z][0-9].example.com
{code}

... and other patterns that succinctly limit the input space need to either be fully expanded
or dramatically have their space increased by using an asterisk in order to pass through the
filter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org


Mime
View raw message