hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14908) CrossOriginFilter should trigger regex on more input
Date Wed, 27 Sep 2017 01:57:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181867#comment-16181867

ASF GitHub Bot commented on HADOOP-14908:

GitHub user johannes-altiscale opened a pull request:


    (HADOOP-14908) allow for real regex patterns (and be backward compatible)


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Altiscale/hadoop johannes-HADOOP-14908-allow-full-regexp

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #278
commit 90e3816f606bcccc495efa09cfb0f26c3a6d37ac
Author: Johannes Alberti <johannes@altiscale.com>
Date:   2017-09-27T01:50:10Z

    allow for real regex patterns (and be backward compatible)


> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>    Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
> Currently,  CrossOriginFilter.java limits regex matching only if there is an asterisk
(\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either be fully
expanded or dramatically have their space increased by using an asterisk in order to pass
through the filter.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message