Return-Path: <common-issues-return-142286-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D9333200D0A
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  4 Oct 2017 22:31:06 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id D78C1160BD7; Wed,  4 Oct 2017 20:31:06 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 2A2741609DD
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  4 Oct 2017 22:31:06 +0200 (CEST)
Received: (qmail 39953 invoked by uid 500); 4 Oct 2017 20:31:05 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 39942 invoked by uid 99); 4 Oct 2017 20:31:05 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Oct 2017 20:31:05 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 8D0CC1A1D12
	for <common-issues@hadoop.apache.org>; Wed,  4 Oct 2017 20:31:04 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -99.202
X-Spam-Level: 
X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001,
	SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id 2ll5JHAa7-AC for <common-issues@hadoop.apache.org>;
	Wed,  4 Oct 2017 20:31:03 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id B97B85FDE2
	for <common-issues@hadoop.apache.org>; Wed,  4 Oct 2017 20:31:03 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 208DDE0FA2
	for <common-issues@hadoop.apache.org>; Wed,  4 Oct 2017 20:31:02 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 191E82431D
	for <common-issues@hadoop.apache.org>; Wed,  4 Oct 2017 20:31:01 +0000 (UTC)
Date: Wed, 4 Oct 2017 20:31:01 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.13105233.1506458401000.273812.1507149061101@Atlassian.JIRA>
In-Reply-To: <JIRA.13105233.1506458401000@Atlassian.JIRA>
References: <JIRA.13105233.1506458401000@Atlassian.JIRA> <JIRA.13105233.1506458401555@jira-lw-us.apache.org>
Subject: [jira] [Commented] (HADOOP-14908) CrossOriginFilter should trigger
 regex on more input
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Wed, 04 Oct 2017 20:31:07 -0000


    [ https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191990#comment-16191990 ] 

ASF GitHub Bot commented on HADOOP-14908:
-----------------------------------------

Github user johannes-altiscale closed the pull request at:

    https://github.com/apache/hadoop/pull/279


> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>    Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
>            Assignee: Johannes Alberti
>             Fix For: 3.1.0
>
>         Attachments: HADOOP-14908-PR279.patch
>
>
> Currently,  CrossOriginFilter.java limits regex matching only if there is an asterisk (\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either be fully expanded or dramatically have their space increased by using an asterisk in order to pass through the filter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org