hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15187) Integrate CSRF prevention filter to REST gateway
Date Mon, 01 Feb 2016 22:35:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127170#comment-15127170
] 

Ted Yu commented on HBASE-15187:
--------------------------------

bq. Is it possible to use this method instead of adding the extra parameter

In the modified tests, REST calls with and without extra header are interleaved.

This means wrapping calls which are supposed to carry extra header with calls to addExtraHeader()
/ removeExtraHeader()
In my opinion, that is not as concise as the current formation.

I can modify post() with extraHdr parameter if you think my thinking is plausible.

> Integrate CSRF prevention filter to REST gateway
> ------------------------------------------------
>
>                 Key: HBASE-15187
>                 URL: https://issues.apache.org/jira/browse/HBASE-15187
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>         Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard against cross-site
request forgery attacks.
> This issue tracks the integration of that filter into HBase REST gateway.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message