Return-Path: X-Original-To: apmail-incubator-ambari-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-ambari-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E355B109C5 for ; Fri, 22 Nov 2013 13:39:41 +0000 (UTC) Received: (qmail 94929 invoked by uid 500); 22 Nov 2013 13:39:41 -0000 Delivered-To: apmail-incubator-ambari-commits-archive@incubator.apache.org Received: (qmail 94919 invoked by uid 500); 22 Nov 2013 13:39:41 -0000 Mailing-List: contact ambari-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@incubator.apache.org Delivered-To: mailing list ambari-commits@incubator.apache.org Received: (qmail 94912 invoked by uid 99); 22 Nov 2013 13:39:40 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Nov 2013 13:39:40 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id A82AF901CDD; Fri, 22 Nov 2013 13:39:40 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mpapirkovskyy@apache.org To: ambari-commits@incubator.apache.org Message-Id: <2f53d6079f614e9c88639fe7405f0c76@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy) Date: Fri, 22 Nov 2013 13:39:40 +0000 (UTC) Updated Branches: refs/heads/trunk 7a6e05ec4 -> a4dee94c5 AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/a4dee94c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/a4dee94c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/a4dee94c Branch: refs/heads/trunk Commit: a4dee94c54209f5714e2a0a1beee6af99317a394 Parents: 7a6e05e Author: Myroslav Papirkovskyy Authored: Fri Nov 22 15:38:53 2013 +0200 Committer: Myroslav Papirkovskyy Committed: Fri Nov 22 15:38:53 2013 +0200 ---------------------------------------------------------------------- .../java/org/apache/ambari/server/configuration/Configuration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/a4dee94c/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java index b92441b..dd6b66d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java @@ -200,7 +200,7 @@ public class Configuration { public static final String CLIENT_API_SSL_KEY_NAME_DEFAULT = "https.key"; public static final String CLIENT_API_SSL_CRT_NAME_DEFAULT = "https.crt"; - private static final String API_CSRF_PREVENTION_DEFAULT = "false"; //TODO should be set to true for release + private static final String API_CSRF_PREVENTION_DEFAULT = "true"; private static final String SRVR_CRT_PASS_FILE_DEFAULT ="pass.txt"; private static final String SRVR_CRT_PASS_LEN_DEFAULT = "50";