You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/08/28 16:29:21 UTC
[jira] [Commented] (HADOOP-13008) Add XFS Filter for UIs to Hadoop
Common
[ https://issues.apache.org/jira/browse/HADOOP-13008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15443708#comment-15443708 ]
Larry McCay commented on HADOOP-13008:
--------------------------------------
[~cnauroth] - I don't think that this was ever committed to branch-2.8.
Is there some reason to not do so?
> Add XFS Filter for UIs to Hadoop Common
> ---------------------------------------
>
> Key: HADOOP-13008
> URL: https://issues.apache.org/jira/browse/HADOOP-13008
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 2.8.0
>
> Attachments: HADOOP-13008-001.patch, HADOOP-13008-002.patch, HADOOP-13008-003.patch, HADOOP-13008-004.patch
>
>
> Cross Frame Scripting (XFS) prevention for UIs can be provided through a common servlet filter. This filter will set the X-Frame-Options HTTP header to DENY unless configured to another valid setting.
> There are a number of UIs that could just add this to their filters as well as the Yarn webapp proxy which could add it for all it's proxied UIs - if appropriate.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org