hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Apekshit Sharma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12234) Web UI Framable Page
Date Wed, 22 Jul 2015 02:24:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14636135#comment-14636135
] 

Apekshit Sharma commented on HADOOP-12234:
------------------------------------------

bq. Please update your patch to maintain the original authorship and license header (see the
source header policy for details, under "third party works"). Also please add the appropriate
addition to the top-level LICENSE.txt file.

Sorry, didn't know about licensing stuff. Fixed now. Since tests were written by me, they
still have the apache license.

Please let me know if it needs to be back-ported to other branches.
Thanks.

> Web UI Framable Page
> --------------------
>
>                 Key: HADOOP-12234
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12234
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Apekshit Sharma
>            Assignee: Apekshit Sharma
>         Attachments: HADOOP-12234-v2-master.patch, HADOOP-12234.patch
>
>
> The web UIs do not include the "X-Frame-Options" header to prevent the pages from being
framed from another site.  
> Reference:
> https://www.owasp.org/index.php/Clickjacking
> https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
> https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message