Return-Path: 
 <issues-return-229897-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2CE0A189F7
	for <apmail-hbase-issues-archive@www.apache.org>;
 Mon,  1 Feb 2016 22:35:40 +0000 (UTC)
Received: (qmail 93998 invoked by uid 500); 1 Feb 2016 22:35:40 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 93961 invoked by uid 500); 1 Feb 2016 22:35:39 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 93949 invoked by uid 99); 1 Feb 2016 22:35:39 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Feb 2016 22:35:39 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id C686C2C1F57
	for <issues@hbase.apache.org>; Mon,  1 Feb 2016 22:35:39 +0000 (UTC)
Date: Mon, 1 Feb 2016 22:35:39 +0000 (UTC)
From: "Ted Yu (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12935155.1454082363000.269638.1454366139810@Atlassian.JIRA>
In-Reply-To: <JIRA.12935155.1454082363000@Atlassian.JIRA>
References: <JIRA.12935155.1454082363000@Atlassian.JIRA>
 <JIRA.12935155.1454082363233@arcas>
Subject: [jira] [Commented] (HBASE-15187) Integrate CSRF prevention filter
 to REST gateway
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127170#comment-15127170 ] 

Ted Yu commented on HBASE-15187:
--------------------------------

bq. Is it possible to use this method instead of adding the extra parameter

In the modified tests, REST calls with and without extra header are interleaved.

This means wrapping calls which are supposed to carry extra header with calls to addExtraHeader() / removeExtraHeader()
In my opinion, that is not as concise as the current formation.

I can modify post() with extraHdr parameter if you think my thinking is plausible.

> Integrate CSRF prevention filter to REST gateway
> ------------------------------------------------
>
>                 Key: HBASE-15187
>                 URL: https://issues.apache.org/jira/browse/HBASE-15187
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>         Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard against cross-site request forgery attacks.
> This issue tracks the integration of that filter into HBase REST gateway.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)