You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ambari.apache.org by mp...@apache.org on 2013/11/22 14:39:40 UTC

git commit: AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy)

Updated Branches:
  refs/heads/trunk 7a6e05ec4 -> a4dee94c5


AMBARI-3825.  Enable CSRF protection by default. (mpapirkovskyy)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/a4dee94c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/a4dee94c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/a4dee94c

Branch: refs/heads/trunk
Commit: a4dee94c54209f5714e2a0a1beee6af99317a394
Parents: 7a6e05e
Author: Myroslav Papirkovskyy <mp...@hortonworks.com>
Authored: Fri Nov 22 15:38:53 2013 +0200
Committer: Myroslav Papirkovskyy <mp...@hortonworks.com>
Committed: Fri Nov 22 15:38:53 2013 +0200

----------------------------------------------------------------------
 .../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/a4dee94c/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b92441b..dd6b66d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -200,7 +200,7 @@ public class Configuration {
   public static final String CLIENT_API_SSL_KEY_NAME_DEFAULT = "https.key";
   public static final String CLIENT_API_SSL_CRT_NAME_DEFAULT = "https.crt";
 
-  private static final String API_CSRF_PREVENTION_DEFAULT = "false"; //TODO should be set to true for release
+  private static final String API_CSRF_PREVENTION_DEFAULT = "true";
 
   private static final String SRVR_CRT_PASS_FILE_DEFAULT ="pass.txt";
   private static final String SRVR_CRT_PASS_LEN_DEFAULT = "50";