ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] incubator-ranger git commit: RANGER-1309 - Check for header first in RangerCSRFPreventionFilter
Date Wed, 18 Jan 2017 09:55:41 GMT
RANGER-1309 - Check for header first in RangerCSRFPreventionFilter

Signed off by Vel


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/18406ea5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/18406ea5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/18406ea5

Branch: refs/heads/master
Commit: 18406ea591c17c2e8c6d2e522ea8ac6fe7f6b21a
Parents: 07f0fee
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jan 18 09:53:20 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jan 18 09:53:20 2017 +0000

----------------------------------------------------------------------
 .../ranger/security/web/filter/RangerCSRFPreventionFilter.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/18406ea5/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
index 4942eb3..36a0fa3 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
@@ -160,9 +160,9 @@ public class RangerCSRFPreventionFilter implements Filter {
 	
 	public void handleHttpInteraction(HttpInteraction httpInteraction)
 			throws IOException, ServletException {
-		if (!isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))
-				|| methodsToIgnore.contains(httpInteraction.getMethod())
-				|| httpInteraction.getHeader(headerName) != null) {
+		if (httpInteraction.getHeader(headerName) != null
+				|| !isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))
+				|| methodsToIgnore.contains(httpInteraction.getMethod())) {
 			httpInteraction.proceed();
 		}else {
 			httpInteraction.sendError(HttpServletResponse.SC_BAD_REQUEST,"Missing Required Header
for CSRF Vulnerability Protection");


Mime
View raw message