hadoop-yarn-issues mailing list archives

From "Jonathan Eagles (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-2528) Cross Origin Filter Http response split vulnerability protection rejects valid origins
Date Tue, 09 Sep 2014 20:44:29 GMT

     [ https://issues.apache.org/jira/browse/YARN-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Eagles updated YARN-2528:
----------------------------------
    Attachment: YARN-2528-v1.patch

> Cross Origin Filter Http response split vulnerability protection rejects valid origins
> --------------------------------------------------------------------------------------
>
>                 Key: YARN-2528
>                 URL: https://issues.apache.org/jira/browse/YARN-2528
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Jonathan Eagles
>            Assignee: Jonathan Eagles
>         Attachments: YARN-2528-v1.patch
>
>
> URLEncoding is too strong of a protection for HTTP Response Split Vulnerability protection and major browsers reject the encoded Origin. An adequate protection is simply to remove all CRs and LFs, as in the case of PHP's header function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
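
The two protections contrasted in the issue description, as an added Java example that is not taken from YARN-2528-v1.patch or the Hadoop code base. The class name, helper names and sample origins are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class OriginHeaderSanitizerDemo {

    // Protection the issue calls too strong: percent-encode the whole Origin value.
    static String urlEncode(String origin) throws UnsupportedEncodingException {
        return URLEncoder.encode(origin, "UTF-8");
    }

    // Protection the issue proposes: drop every CR and LF, leave all other characters alone.
    static String stripCrLf(String origin) {
        if (origin == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(origin.length());
        for (char c : origin.toCharArray()) {
            if (c != '\r' && c != '\n') {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // True when the value cannot end the header line it is written into.
    static boolean isSingleLine(String value) {
        return value.indexOf('\r') < 0 && value.indexOf('\n') < 0;
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {
            "http://example.com:8188",              // constructed valid origin
            "http://example.com\r\nX-Injected: 1"   // constructed origin carrying CR LF
        };
        for (String origin : samples) {
            String encoded = urlEncode(origin);
            String stripped = stripCrLf(origin);
            // The echoed header is only usable if it is identical to the request Origin.
            System.out.println("encoded : " + encoded
                + " sameAsOrigin=" + encoded.equals(origin)
                + " singleLine=" + isSingleLine(encoded));
            System.out.println("stripped: " + stripped
                + " sameAsOrigin=" + stripped.equals(origin)
                + " singleLine=" + isSingleLine(stripped));
        }
    }
}
```

A browser compares the echoed `Access-Control-Allow-Origin` value with its own origin as an exact string, so only the stripped form of the valid origin still matches. Both forms of the CR LF sample stay on one header line.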
