You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "Simon Elliston Ball (JIRA)" <ji...@apache.org> on 2018/07/23 15:21:00 UTC
[jira] [Created] (METRON-1688) Pass through of CSRF protection for
proxied api calls
Simon Elliston Ball created METRON-1688:
-------------------------------------------
Summary: Pass through of CSRF protection for proxied api calls
Key: METRON-1688
URL: https://issues.apache.org/jira/browse/METRON-1688
Project: Metron
Issue Type: Sub-task
Reporter: Simon Elliston Ball
With the UIs hosted through a proxy, and the potential for multiple backends, ownership of CSRF protection headers is unclear, and also impossible to pass through due to conflicts.
We should use the front-end host to protect and proxy the CSRF protection to allow the backend to be picky about its level of CSRF protection.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)