You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Bryan Bende (Jira)" <ji...@apache.org> on 2020/07/28 20:52:00 UTC
[jira] [Created] (NIFI-7684) SanitizationContextPathFilter should
be applied to nifi-web-api war
Bryan Bende created NIFI-7684:
---------------------------------
Summary: SanitizationContextPathFilter should be applied to nifi-web-api war
Key: NIFI-7684
URL: https://issues.apache.org/jira/browse/NIFI-7684
Project: Apache NiFi
Issue Type: Improvement
Affects Versions: 1.11.4
Reporter: Bryan Bende
If you setup a proxy to nifi-api and do not add the proxy context path to nifi.proxy.context.path, some end-points will throw an exception about the context path not being whitelisted when producing a URI in the response...
{code:java}
ERROR [NiFi Web Server-3829] o.a.nifi.web.api.config.ThrowableMapper An unexpected error has occurred: javax.ws.rs.core.UriBuilderException: The provided context path [/my-api-proxy] was not whitelisted [/my-ui-proxy]. Returning Internal Server Error response.
javax.ws.rs.core.UriBuilderException: The provided context path [/my-api-proxy] was not whitelisted [/my-ui-proxy]
at org.apache.nifi.web.util.WebUtils.verifyContextPath(WebUtils.java:154)
at org.apache.nifi.web.util.WebUtils.getResourcePath(WebUtils.java:127)
at org.apache.nifi.web.api.ApplicationResource.buildResourceUri(ApplicationResource.java:166)
at org.apache.nifi.web.api.ApplicationResource.generateResourceUri(ApplicationResource.java:145)
at org.apache.nifi.web.api.ProcessGroupResource.populateRemainingProcessGroupEntityContent(ProcessGroupResource.java:235)
at org.apache.nifi.web.api.ProcessGroupResource.getProcessGroup(ProcessGroupResource.java:305)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498) {code}
We should apply the SanitizationContextPathFilter to the nifi-web-api war so that the above request is rejected even earlier before it gets to generating URIs in the response.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)