hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mukul Kumar Singh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-12158) Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection
Date Tue, 18 Jul 2017 20:22:00 GMT
Mukul Kumar Singh created HDFS-12158:
----------------------------------------

             Summary: Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS
protection
                 Key: HDFS-12158
                 URL: https://issues.apache.org/jira/browse/HDFS-12158
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: namenode
            Reporter: Mukul Kumar Singh
            Assignee: Mukul Kumar Singh


HDFS-10579 adds  X-FRAME-OPTIONS  protection to Namenode and Datanode.
This is also needed for Secondary Namenode as well.

*Seondary Namenode misses X-FRAME-OPTIONS protection*
{code}
[root@f0e12b63907e opt]# curl -I http://127.0.0.1:50090/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Tue, 18 Jul 2017 20:13:53 GMT
Date: Tue, 18 Jul 2017 20:13:53 GMT
Pragma: no-cache
Expires: Tue, 18 Jul 2017 20:13:53 GMT
Date: Tue, 18 Jul 2017 20:13:53 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
Content-Length: 1083
Accept-Ranges: bytes
Server: Jetty(6.1.26)
{code}

*Primary Namenode offers X-FRAME-OPTIONS protection*
{code}
[root@f0e12b63907e opt]# curl -I http://127.0.0.1:50070/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Tue, 18 Jul 2017 20:14:04 GMT
Date: Tue, 18 Jul 2017 20:14:04 GMT
Pragma: no-cache
Expires: Tue, 18 Jul 2017 20:14:04 GMT
Date: Tue, 18 Jul 2017 20:14:04 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FRAME-OPTIONS: SAMEORIGIN
Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
Content-Length: 1079
Accept-Ranges: bytes
Server: Jetty(6.1.26)
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org


Mime
View raw message