You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mp...@apache.org on 2013/11/22 14:39:40 UTC
git commit: AMBARI-3825. Enable CSRF protection by default.
(mpapirkovskyy)
Updated Branches:
refs/heads/trunk 7a6e05ec4 -> a4dee94c5
AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/a4dee94c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/a4dee94c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/a4dee94c
Branch: refs/heads/trunk
Commit: a4dee94c54209f5714e2a0a1beee6af99317a394
Parents: 7a6e05e
Author: Myroslav Papirkovskyy <mp...@hortonworks.com>
Authored: Fri Nov 22 15:38:53 2013 +0200
Committer: Myroslav Papirkovskyy <mp...@hortonworks.com>
Committed: Fri Nov 22 15:38:53 2013 +0200
----------------------------------------------------------------------
.../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/a4dee94c/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b92441b..dd6b66d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -200,7 +200,7 @@ public class Configuration {
public static final String CLIENT_API_SSL_KEY_NAME_DEFAULT = "https.key";
public static final String CLIENT_API_SSL_CRT_NAME_DEFAULT = "https.crt";
- private static final String API_CSRF_PREVENTION_DEFAULT = "false"; //TODO should be set to true for release
+ private static final String API_CSRF_PREVENTION_DEFAULT = "true";
private static final String SRVR_CRT_PASS_FILE_DEFAULT ="pass.txt";
private static final String SRVR_CRT_PASS_LEN_DEFAULT = "50";