You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@falcon.apache.org by "Ying Zheng (JIRA)" <ji...@apache.org> on 2016/07/20 01:23:20 UTC

[jira] [Commented] (FALCON-2082) Add CSRF filter for REST APIs

    [ https://issues.apache.org/jira/browse/FALCON-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385160#comment-15385160 ] 

Ying Zheng commented on FALCON-2082:
------------------------------------

Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty header and CSRF filter enabled that GET methods get accepted while POST methods are rejected as expected. See attached picture. If we use RestCsrfPreventionFilter, it requires us to upgrade hadoop version to 2.8.0. Let me know if there is any objection on this. Thank you!

> Add CSRF filter for REST APIs
> -----------------------------
>
>                 Key: FALCON-2082
>                 URL: https://issues.apache.org/jira/browse/FALCON-2082
>             Project: Falcon
>          Issue Type: Improvement
>            Reporter: Ying Zheng
>            Assignee: Ying Zheng
>         Attachments: Screen Shot 2016-07-19 at 4.54.29 PM.png
>
>
> A CSRF filter was added to Hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691). This JIRA is to integrate this filter into Falcon REST API post methods.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)