You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by "Sriharsha Chintalapani (JIRA)" <ji...@apache.org> on 2015/01/03 22:11:34 UTC

[jira] [Commented] (STORM-608) Storm UI CSRF escape characters not work correctly

    [ https://issues.apache.org/jira/browse/STORM-608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14263637#comment-14263637 ] 

Sriharsha Chintalapani commented on STORM-608:
----------------------------------------------

[~zxzxy1988] It looks like the issue is with simple-json that storm uses to convert map to a json response.
Here is the ticket on simple-json https://code.google.com/p/json-simple/issues/detail?id=8 . 

> Storm UI CSRF escape characters not work correctly
> --------------------------------------------------
>
>                 Key: STORM-608
>                 URL: https://issues.apache.org/jira/browse/STORM-608
>             Project: Apache Storm
>          Issue Type: Bug
>    Affects Versions: 0.9.3
>            Reporter: Xiaoyong Zhu
>            Priority: Minor
>
> When trying to use the REST API to active or detactive storm topology using C# Httpclient, there are random failures.
> I do some more investigate about the random error 
> We find some x-csrf-token getting from the first http get request contains “\/”, for example “\/dE\/k8N5H0Ora1IY9UAfx3fc7M4b0EZOMbWUXdUNn9IitAjOhmup+OiHx\/v5W+kUuWu4TkBsFsfvd7Km”
> which will fail.
> If I replace \/ with /  and this should be  /dE/k8N5H0Ora1IY9UAfx3fc7M4b0EZOMbWUXdUNn9IitAjOhmup+OiHx/v5W+kUuWu4TkBsFsfvd7Km,
> and the second token could work successfully while the first does not.
> we assume this is caused by some escape letters.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)