You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Bryan Bende (Jira)" <ji...@apache.org> on 2020/07/28 20:52:00 UTC

[jira] [Created] (NIFI-7684) SanitizationContextPathFilter should be applied to nifi-web-api war

Bryan Bende created NIFI-7684:
---------------------------------

             Summary: SanitizationContextPathFilter should be applied to nifi-web-api war
                 Key: NIFI-7684
                 URL: https://issues.apache.org/jira/browse/NIFI-7684
             Project: Apache NiFi
          Issue Type: Improvement
    Affects Versions: 1.11.4
            Reporter: Bryan Bende


If you setup a proxy to nifi-api and do not add the proxy context path to nifi.proxy.context.path, some end-points will throw an exception about the context path not being whitelisted when producing a URI in the response...
{code:java}
ERROR [NiFi Web Server-3829] o.a.nifi.web.api.config.ThrowableMapper An unexpected error has occurred: javax.ws.rs.core.UriBuilderException: The provided context path [/my-api-proxy] was not whitelisted [/my-ui-proxy]. Returning Internal Server Error response.
  javax.ws.rs.core.UriBuilderException: The provided context path [/my-api-proxy] was not whitelisted [/my-ui-proxy]
  	at org.apache.nifi.web.util.WebUtils.verifyContextPath(WebUtils.java:154)
  	at org.apache.nifi.web.util.WebUtils.getResourcePath(WebUtils.java:127)
  	at org.apache.nifi.web.api.ApplicationResource.buildResourceUri(ApplicationResource.java:166)
  	at org.apache.nifi.web.api.ApplicationResource.generateResourceUri(ApplicationResource.java:145)
  	at org.apache.nifi.web.api.ProcessGroupResource.populateRemainingProcessGroupEntityContent(ProcessGroupResource.java:235)
  	at org.apache.nifi.web.api.ProcessGroupResource.getProcessGroup(ProcessGroupResource.java:305)
  	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  	at java.lang.reflect.Method.invoke(Method.java:498) {code}
We should apply the SanitizationContextPathFilter to the nifi-web-api war so that the above request is rejected even earlier before it gets to generating URIs in the response.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)