You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sean Roberts (JIRA)" <ji...@apache.org> on 2018/02/27 16:30:00 UTC
[jira] [Updated] (AMBARI-23095) knoxsso.redirect.whitelist.regex
should not require a port number
[ https://issues.apache.org/jira/browse/AMBARI-23095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Roberts updated AMBARI-23095:
----------------------------------
Description:
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
{code}
Proposal is to make the port optional and validate that anything after the host or port starts with /.
{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
{code}
was:
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
{code}
Proposal is to make the port optional and validate that anything after the host or port starts with /.
> knoxsso.redirect.whitelist.regex should not require a port number
> -----------------------------------------------------------------
>
> Key: AMBARI-23095
> URL: https://issues.apache.org/jira/browse/AMBARI-23095
> Project: Ambari
> Issue Type: Bug
> Components: stacks
> Affects Versions: 2.5.0, trunk, 2.6.2
> Reporter: Sean Roberts
> Priority: Major
> Labels: knox
>
> The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
> https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
> {code}
> Proposal is to make the port optional and validate that anything after the host or port starts with /.
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)