You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Oleg Nechiporenko (JIRA)" <ji...@apache.org> on 2013/11/13 15:23:22 UTC

[jira] [Created] (AMBARI-3758) Make Ambari Web changes for CSRF prevention

Oleg Nechiporenko created AMBARI-3758:
-----------------------------------------

             Summary: Make Ambari Web changes for CSRF prevention
                 Key: AMBARI-3758
                 URL: https://issues.apache.org/jira/browse/AMBARI-3758
             Project: Ambari
          Issue Type: Bug
          Components: client
    Affects Versions: 1.4.2
            Reporter: Oleg Nechiporenko
            Assignee: Oleg Nechiporenko
             Fix For: 1.4.2


Basically, Ambari Web needs to pass the extra "X-Requested-By" HTTP header for *ALL* POST, PUT, and DELETE calls.  No changes will be made to GET calls (though it is OK to pass this extra HTTP header for GET calls if it's easier to implement that way).



--
This message was sent by Atlassian JIRA
(v6.1#6144)