hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Vasudev (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (YARN-4737) Use CSRF Filter in YARN
Date Mon, 29 Feb 2016 16:12:18 GMT

    [ https://issues.apache.org/jira/browse/YARN-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172067#comment-15172067
] 

Varun Vasudev edited comment on YARN-4737 at 2/29/16 4:11 PM:
--------------------------------------------------------------

[~jmaron] - to my knowledge the only web UI that uses the web services call via javascript
is the Tez UI. There is a branch to change the RM UI to use javascript and web services as
well. 

However, all of these should be using GET calls only so I suspect they won't be affected by
this change.


was (Author: vvasudev):
[~jmaron] - to my knowledge the only web UI that uses the web services call via javascript
is the Tez UI. However there is a branch to change the RM UI to use javascript and web services
as well.

> Use CSRF Filter in YARN
> -----------------------
>
>                 Key: YARN-4737
>                 URL: https://issues.apache.org/jira/browse/YARN-4737
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager, resourcemanager, webapp
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>         Attachments: YARN-4737.patch.001
>
>
> A CSRF filter was added to hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691).
 The aim of this JIRA is to come up with a mechanism to integrate this filter into the webapps
for which it is applicable (web apps that may establish an authenticated identity).  That
includes the RM, NM, and mapreduce jobhistory web app.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message