From: tarmstrong@apache.org
To: commits@impala.incubator.apache.org
Date: Tue, 12 Apr 2016 21:18:52 -0000
Message-Id: <242ce6c8c713473991388ad16fecd7be@git.apache.org>
In-Reply-To: <412ef27135be438f9dae79ef8cd34525@git.apache.org>
References: <412ef27135be438f9dae79ef8cd34525@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [18/50] incubator-impala git commit: IMPALA-3072: Allow frame embedding for webserver pages

IMPALA-3072: Allow frame embedding for webserver pages

Check that 'X-Frame-Options' HTTP header is set in webserver replies.
Allow changing the value of the header and test that the value is changed as
server configuration is changed.

Change-Id: I091f00ce62f4ffc58c04459241aeb7a31e104bb4
Reviewed-on: http://gerrit.cloudera.org:8080/2299
Reviewed-by: Henry Robinson
Tested-by: Internal Jenkins

Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/97b52338
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/97b52338
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/97b52338
Branch: refs/heads/master

Commit: 97b523389e7604183c23574842bd6c35385aa7f5
Parents: 2d0b944
Author: oxpa
Authored: Thu Feb 25 09:17:57 2016 +0300
Committer: Internal Jenkins
Committed: Wed Mar 30 09:25:33 2016 +0000

----------------------------------------------------------------------
 be/src/util/webserver-test.cc | 22 +++++++++++++++++++---
 be/src/util/webserver.cc      |  8 ++++++--
 2 files changed, 25 insertions(+), 5 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/97b52338/be/src/util/webserver-test.cc
----------------------------------------------------------------------
diff --git a/be/src/util/webserver-test.cc b/be/src/util/webserver-test.cc index d119cc1..392334b 100644 --- a/be/src/util/webserver-test.cc +++ b/be/src/util/webserver-test.cc 
@@ -27,6 +27,7 @@ DECLARE_string(webserver_password_file); DECLARE_string(webserver_certificate_file); DECLARE_string(webserver_private_key_file); DECLARE_string(webserver_private_key_password_cmd); +DECLARE_string(webserver_x_frame_options); #include "common/names.h" @@ -296,14 +297,29 @@ TEST(Webserver, NoFrameEmbeddingTest) { const string FRAME_TEST_PATH = "/frames_test"; Webserver webserver(FLAGS_webserver_port); Webserver::UrlCallback callback = bind(FrameCallback, _1, _2); - webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw-text.tmpl", callback); + webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw_text.tmpl", callback); ASSERT_OK(webserver.Start()); stringstream contents; ASSERT_OK(HttpGet("localhost", FLAGS_webserver_port, FRAME_TEST_PATH, &contents, 200)); - // Confirm that the embedded frame isn't rendered - ASSERT_TRUE(contents.str().find("Metrics") == string::npos); + // Confirm that there is an HTTP header to deny framing + ASSERT_FALSE(contents.str().find("X-Frame-Options: DENY") == string::npos); +} +TEST(Webserver, FrameAllowEmbeddingTest) { + const string FRAME_TEST_PATH = "/frames_test"; + ScopedFlagSetter webserver_x_frame_options(&FLAGS_webserver_x_frame_options, + "ALLOWALL"); + Webserver webserver(FLAGS_webserver_port); + Webserver::UrlCallback callback = bind(FrameCallback, _1, _2); + webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw_text.tmpl", callback); + ASSERT_OK(webserver.Start()); + stringstream contents; + ASSERT_OK(HttpGet("localhost", FLAGS_webserver_port, + FRAME_TEST_PATH, &contents, 200)); + + // Confirm that there is an HTTP header to allow framing + ASSERT_FALSE(contents.str().find("X-Frame-Options: ALLOWALL") == string::npos); } const string STRING_WITH_NULL = "123456789\0ABCDE"; http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/97b52338/be/src/util/webserver.cc ---------------------------------------------------------------------- 
diff --git a/be/src/util/webserver.cc b/be/src/util/webserver.cc index 8eb05ae..106e37a 100644 --- a/be/src/util/webserver.cc +++ b/be/src/util/webserver.cc @@ -92,6 +92,9 @@ DEFINE_string(webserver_password_file, "", "(Optional) Location of .htpasswd file containing user names and hashed passwords for" " debug webserver authentication"); +DEFINE_string(webserver_x_frame_options, "DENY", + "webserver will add X-Frame-Options HTTP header with this value"); + static const char* DOC_FOLDER = "/www/"; static const int DOC_FOLDER_LEN = strlen(DOC_FOLDER); @@ -138,11 +141,12 @@ string BuildHeaderString(ResponseCode response, ContentType content_type) { static const string RESPONSE_TEMPLATE = "HTTP/1.1 $0 $1\r\n" "Content-Type: text/$2\r\n" "Content-Length: %d\r\n" - "X-Frame-Options: DENY\r\n" + "X-Frame-Options: $3\r\n" "\r\n"; return Substitute(RESPONSE_TEMPLATE, response, response == OK ? "OK" : "Not found", - content_type == HTML ? "html" : "plain"); + content_type == HTML ? "html" : "plain", + FLAGS_webserver_x_frame_options.c_str()); } Webserver::Webserver()
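
Review bot: In be/src/util/webserver-test.cc (hunk at -296,14), NoFrameEmbeddingTest asserts on "X-Frame-Options: DENY" without setting FLAGS_webserver_x_frame_options, so it passes only while the flag still holds its default. Pin the value with a ScopedFlagSetter, as FrameAllowEmbeddingTest does, so the test does not depend on flag state left by the environment or by another test. Both assertions would read more directly as ASSERT_NE(contents.str().find(...), string::npos) than as ASSERT_FALSE(... == string::npos). The "raw-text.tmpl" to "raw_text.tmpl" rename in the same hunk is not mentioned in the commit message and deserves a line there, and a blank line is missing between the closing brace of NoFrameEmbeddingTest and TEST(Webserver, FrameAllowEmbeddingTest).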
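
Review bot: The help string for webserver_x_frame_options in be/src/util/webserver.cc (hunk at -92,6) does not say which values are meaningful, nor that moving away from the default "DENY" relaxes the framing protection on the debug pages. Suggest naming the values operators are expected to use (for example DENY and SAMEORIGIN) and stating what a value such as the "ALLOWALL" used in the new test is intended to do, since the string is sent to the browser verbatim.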
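
Review bot: In BuildHeaderString (be/src/util/webserver.cc, hunk at -138,11), FLAGS_webserver_x_frame_options is substituted into RESPONSE_TEMPLATE as $3 with no validation, so an empty value yields a bare "X-Frame-Options: " line and a value containing CR or LF would add or terminate header lines in every response. Suggest validating the flag once at startup, against an allow-list of accepted values or at least by rejecting control characters, and failing Start() on a bad value rather than emitting it.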