You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "Simon Elliston Ball (JIRA)" <ji...@apache.org> on 2018/07/23 15:21:00 UTC

[jira] [Created] (METRON-1688) Pass through of CSRF protection for proxied api calls

Simon Elliston Ball created METRON-1688:
-------------------------------------------

             Summary: Pass through of CSRF protection for proxied api calls
                 Key: METRON-1688
                 URL: https://issues.apache.org/jira/browse/METRON-1688
             Project: Metron
          Issue Type: Sub-task
            Reporter: Simon Elliston Ball


With the UIs hosted through a proxy, and the potential for multiple backends, ownership of CSRF protection headers is unclear, and also impossible to pass through due to conflicts.

We should use the front-end host to protect and proxy the CSRF protection to allow the backend to be picky about its level of CSRF protection.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)