Return-Path: 
 <ambari-dev-return-18049-apmail-incubator-ambari-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-ambari-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-ambari-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 98295107E4
	for <apmail-incubator-ambari-dev-archive@minotaur.apache.org>;
 Mon, 18 Nov 2013 18:01:28 +0000 (UTC)
Received: (qmail 76117 invoked by uid 500); 18 Nov 2013 18:01:28 -0000
Delivered-To: apmail-incubator-ambari-dev-archive@incubator.apache.org
Received: (qmail 76040 invoked by uid 500); 18 Nov 2013 18:01:26 -0000
Mailing-List: contact ambari-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:ambari-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:ambari-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:ambari-dev@incubator.apache.org>
List-Id: <ambari-dev.incubator.apache.org>
Reply-To: ambari-dev@incubator.apache.org
Delivered-To: mailing list ambari-dev@incubator.apache.org
Received: (qmail 75880 invoked by uid 99); 18 Nov 2013 18:01:25 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Nov 2013 18:01:25 +0000
Date: Mon, 18 Nov 2013 18:01:25 +0000 (UTC)
From: "Yusaku Sako (JIRA)" <jira@apache.org>
To: ambari-dev@incubator.apache.org
Message-ID: <JIRA.12679595.1384636747020.91565.1384797685541@arcas>
In-Reply-To: <JIRA.12679595.1384636747020@arcas>
References: <JIRA.12679595.1384636747020@arcas>
Subject: [jira] [Commented] (AMBARI-3788) Perform E2E testing of Ambari with
 api.csrfPrevention.enabled=true
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/AMBARI-3788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13825537#comment-13825537 ] 

Yusaku Sako commented on AMBARI-3788:
-------------------------------------

Nice.  Thanks [~BuzhorDenys].

> Perform E2E testing of Ambari with api.csrfPrevention.enabled=true
> ------------------------------------------------------------------
>
>                 Key: AMBARI-3788
>                 URL: https://issues.apache.org/jira/browse/AMBARI-3788
>             Project: Ambari
>          Issue Type: Task
>          Components: client
>    Affects Versions: 1.4.2
>            Reporter: Denys Buzhor
>            Assignee: Denys Buzhor
>             Fix For: 1.4.2
>
>         Attachments: results.txt
>
>
> Set *api.csrfPrevention.enabled=true* in *ambari.properties*, restart ambari server, and verify that Ambari Web works properly with that option on.
> Before testing Ambari Web, make sure that the POST calls to the API does NOT work unless you pass the *X-Requested-By* option (to make sure that the CSRF filter is in effect).



--
This message was sent by Atlassian JIRA
(v6.1#6144)