Posted to jira@kafka.apache.org by "Oleksandr Diachenko (JIRA)" <ji...@apache.org> on 2018/12/19 23:21:00 UTC

[jira] [Resolved] (KAFKA-7715) Connect should have a parameter to disable WADL output for OPTIONS method

     [ https://issues.apache.org/jira/browse/KAFKA-7715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleksandr Diachenko resolved KAFKA-7715.
----------------------------------------
    Resolution: Won't Fix

Related KIP (KIP-404) was discarded; reported a bug - https://issues.apache.org/jira/browse/KAFKA-7759

> Connect should have a parameter to disable WADL output for OPTIONS method
> -------------------------------------------------------------------------
>
>                 Key: KAFKA-7715
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7715
>             Project: Kafka
>          Issue Type: Improvement
>          Components: config, security
>    Affects Versions: 2.1.0
>            Reporter: Oleksandr Diachenko
>            Assignee: Oleksandr Diachenko
>            Priority: Critical
>             Fix For: 2.1.1
>
>
> Currently, Connect REST API exposes WADL output on OPTIONS method:
> {code:bash}
> curl -i -X OPTIONS http://localhost:8083/connectors
> HTTP/1.1 200 OK
> Date: Fri, 07 Dec 2018 22:51:53 GMT
> Content-Type: application/vnd.sun.wadl+xml
> Allow: HEAD,POST,GET,OPTIONS
> Last-Modified: Fri, 07 Dec 2018 14:51:53 PST
> Content-Length: 1331
> Server: Jetty(9.4.12.v20180830)
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <application xmlns="http://wadl.dev.java.net/2009/02">
> <doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="Jersey: 2.27 2018-04-10 07:34:57"/>
> <grammars>
> <include href="http://localhost:8083/application.wadl/xsd0.xsd">
> <doc title="Generated" xml:lang="en"/>
> </include>
> </grammars>
> <resources base="http://localhost:8083/">
> <resource path="connectors">
> <method id="createConnector" name="POST">
> <request>
> <param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
> <representation mediaType="application/json"/>
> </request>
> <response>
> <representation mediaType="application/json"/>
> </response>
> </method>
> <method id="listConnectors" name="GET">
> <request>
> <param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
> </request>
> <response>
> <representation mediaType="application/json"/>
> </response>
> </method>
> </resource>
> </resources>
> </application>
> {code}
> This can be a potential vulnerability, so it makes sense to have a configuration parameter, which disables WADL output.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
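
A defender-side check for the disclosure described in the issue, added here as an example (not code from the issue or from the Kafka project): it parses a captured OPTIONS response and reports what the headers and WADL body reveal. The function name `audit_options_response` and the report fields are hypothetical, and the sample response is constructed by trimming the output quoted above.

```python
import xml.etree.ElementTree as ET

WADL_NS = "{http://wadl.dev.java.net/2009/02}"
WADL_TYPE = "application/vnd.sun.wadl+xml"
# Constructed sample: trimmed from the OPTIONS response quoted in the issue.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: application/vnd.sun.wadl+xml
Allow: HEAD,POST,GET,OPTIONS
Server: Jetty(9.4.12.v20180830)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
<doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="Jersey: 2.27 2018-04-10 07:34:57"/>
<resources base="http://localhost:8083/">
<resource path="connectors">
<method id="createConnector" name="POST">
<request><param name="forward" style="query"/></request>
</method>
<method id="listConnectors" name="GET"/>
</resource>
</resources>
</application>
"""

def audit_options_response(raw):
    """Report what an OPTIONS response discloses; raw is headers plus body."""
    # The quoted output has no blank line before the body, so split on the XML prolog.
    start = raw.find("<?xml")
    head, body = (raw, "") if start < 0 else (raw[:start], raw[start:])
    headers = {}
    for line in head.splitlines()[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    report = {"wadl_exposed": False, "server": headers.get("server"),
              "generated_by": None, "operations": []}
    if WADL_TYPE not in headers.get("content-type", "").lower() or not body:
        return report
    if "<!DOCTYPE" in body:                       # refuse DTDs in untrusted XML
        raise ValueError("unexpected DOCTYPE in WADL body")
    root = ET.fromstring(body)
    report["wadl_exposed"] = True
    doc = root.find(WADL_NS + "doc")
    if doc is not None:                           # framework version banner
        report["generated_by"] = doc.get("{http://jersey.java.net/}generatedBy")
    for res in root.iter(WADL_NS + "resource"):
        for m in res.findall(WADL_NS + "method"):
            params = [p.get("name") for p in m.iter(WADL_NS + "param")]
            report["operations"].append((m.get("name"), res.get("path"), m.get("id"), params))
    return report
```

A response without the WADL content type yields `wadl_exposed: False` and an empty operations list, which is the result to expect from a worker where the output has been disabled.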