Date: Thu, 28 Sep 2017 19:02:01 +0000 (UTC)
From: "Jonathan Eagles (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-14908) CrossOriginFilter should trigger regex on more input

[ https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184675#comment-16184675 ]

Jonathan Eagles commented on HADOOP-14908:
------------------------------------------

The original cross origin filter in Hadoop was designed based on the Apache license Jetty cross origin filter (not available in the 6.x Jetty line). This was done so that when Jetty 9 was adopted in trunk we had an option to stop using the Hadoop version and migrate to the Jetty version very easily. Do we want to follow the Jetty 9 capabilities for this plugin?
https://www.eclipse.org/jetty/documentation/9.4.x/cross-origin-filter.html
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java

> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>   Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
>            Assignee: Johannes Alberti
>         Attachments: HADOOP-14908-PR279.patch
>
>
> Currently, CrossOriginFilter.java limits regex matching only if there is an asterisk (*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either be fully expanded or dramatically have their space increased by using an asterisk in order to pass through the filter.
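
Added example (not part of the original message, and not Hadoop or Jetty code): a sketch comparing asterisk-gated matching with treating every allow-list entry as an anchored regex. The class and method names, the sample origins, and the translation of `*` to `.*` are assumptions; the page shows only the `contains("*")` check.

```java
import java.util.regex.Pattern;

public class OriginAllowListDemo {

    // Behaviour the issue describes: an entry is matched as a pattern only
    // when it contains '*'. Translating '*' to ".*" and escaping '.' is an
    // assumption; the page shows only the contains("*") check.
    static boolean asteriskOnly(String entry, String origin) {
        if (entry.contains("*")) {
            String regex = entry.replace(".", "\\.").replace("*", ".*");
            return Pattern.matches(regex, origin);
        }
        return entry.equals(origin);
    }

    // Hypothetical alternative: every entry is a regex. Pattern.matches
    // anchors at both ends, so a matching prefix alone is rejected.
    static boolean alwaysRegex(String entry, String origin) {
        return Pattern.matches(entry, origin);
    }

    public static void main(String[] args) {
        // Constructed sample origins.
        String[] origins = {
            "https://a1.example.com",
            "https://zz.example.com",
            "https://a1xexample.com",
            "https://a1.example.com.other.test"
        };
        String fromIssue = "https://[a-z][0-9].example.com"; // entry from the issue
        String widened = "https://*.example.com";            // asterisk workaround
        String escaped = "https://[a-z][0-9]\\.example\\.com"; // dots escaped

        for (String o : origins) {
            System.out.printf("%-36s literal=%b widened=%b regex=%b escaped=%b%n",
                o,
                asteriskOnly(fromIssue, o),
                asteriskOnly(widened, o),
                alwaysRegex(fromIssue, o),
                alwaysRegex(escaped, o));
        }
    }
}
```

When the entry from the issue is evaluated as a regex, its unescaped dots match any character, so it also accepts https://a1xexample.com; the form with escaped dots accepts only https://a1.example.com from this sample set.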