You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Yan Xu (JIRA)" <ji...@apache.org> on 2017/05/05 10:03:04 UTC

[jira] [Commented] (MESOS-5918) Replace jsonp with a more secure alternative

    [ https://issues.apache.org/jira/browse/MESOS-5918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15998026#comment-15998026 ] 

Yan Xu commented on MESOS-5918:
-------------------------------

[~anandmazumdar] could you list what specifically are the security implications of CORS? It would be nice if we can compare the design choices (CORS vs. proxying & are they mutually exclusive)?

> Replace jsonp with a more secure alternative
> --------------------------------------------
>
>                 Key: MESOS-5918
>                 URL: https://issues.apache.org/jira/browse/MESOS-5918
>             Project: Mesos
>          Issue Type: Improvement
>          Components: webui
>            Reporter: Yan Xu
>
> We currently use the {{jsonp}} technique to bypass CORS check. This practice has many security concerns (see discussions on MESOS-5911) so we should replace it with a better alternative.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)