You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Allen Wittenauer (JIRA)" <ji...@apache.org> on 2017/09/27 02:43:03 UTC

[jira] [Assigned] (HADOOP-14908) CrossOriginFilter should trigger regex on more input

     [ https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Allen Wittenauer reassigned HADOOP-14908:
-----------------------------------------

    Assignee: Allen Wittenauer

> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>    Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
>            Assignee: Allen Wittenauer
>
> Currently,  CrossOriginFilter.java limits regex matching only if there is an asterisk (\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either be fully expanded or dramatically have their space increased by using an asterisk in order to pass through the filter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org