hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anu Engineer (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-12158) Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection
Date Wed, 19 Jul 2017 17:58:00 GMT

     [ https://issues.apache.org/jira/browse/HDFS-12158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anu Engineer updated HDFS-12158:
--------------------------------
          Resolution: Fixed
        Hadoop Flags: Reviewed
    Target Version/s: 2.8.2
              Status: Resolved  (was: Patch Available)

[~msingh] Thanks for the contribution. I have committed this to trunk, branch-2, and branch-2.8.2

> Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-12158
>                 URL: https://issues.apache.org/jira/browse/HDFS-12158
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>            Reporter: Mukul Kumar Singh
>            Assignee: Mukul Kumar Singh
>         Attachments: HDFS-12158.001.patch
>
>
> HDFS-10579 adds  X-FRAME-OPTIONS  protection to Namenode and Datanode.
> This is also needed for Secondary Namenode as well.
> *Seondary Namenode misses X-FRAME-OPTIONS protection*
> {code}
> [root@f0e12b63907e opt]# curl -I http://127.0.0.1:50090/index.html
> HTTP/1.1 200 OK
> Cache-Control: no-cache
> Expires: Tue, 18 Jul 2017 20:13:53 GMT
> Date: Tue, 18 Jul 2017 20:13:53 GMT
> Pragma: no-cache
> Expires: Tue, 18 Jul 2017 20:13:53 GMT
> Date: Tue, 18 Jul 2017 20:13:53 GMT
> Pragma: no-cache
> Content-Type: text/html; charset=utf-8
> Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
> Content-Length: 1083
> Accept-Ranges: bytes
> Server: Jetty(6.1.26)
> {code}
> *Primary Namenode offers X-FRAME-OPTIONS protection*
> {code}
> [root@f0e12b63907e opt]# curl -I http://127.0.0.1:50070/index.html
> HTTP/1.1 200 OK
> Cache-Control: no-cache
> Expires: Tue, 18 Jul 2017 20:14:04 GMT
> Date: Tue, 18 Jul 2017 20:14:04 GMT
> Pragma: no-cache
> Expires: Tue, 18 Jul 2017 20:14:04 GMT
> Date: Tue, 18 Jul 2017 20:14:04 GMT
> Pragma: no-cache
> Content-Type: text/html; charset=utf-8
> X-FRAME-OPTIONS: SAMEORIGIN
> Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
> Content-Length: 1079
> Accept-Ranges: bytes
> Server: Jetty(6.1.26)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message