You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Imran Rashid (JIRA)" <ji...@apache.org> on 2019/01/08 17:27:00 UTC

[jira] [Resolved] (SPARK-24522) Centralize code to deal with security-related HTTP features

     [ https://issues.apache.org/jira/browse/SPARK-24522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Imran Rashid resolved SPARK-24522.
----------------------------------
       Resolution: Fixed
    Fix Version/s: 3.0.0

Issue resolved by pull request 23302
[https://github.com/apache/spark/pull/23302]

> Centralize code to deal with security-related HTTP features
> -----------------------------------------------------------
>
>                 Key: SPARK-24522
>                 URL: https://issues.apache.org/jira/browse/SPARK-24522
>             Project: Spark
>          Issue Type: Improvement
>          Components: Web UI
>    Affects Versions: 2.4.0
>            Reporter: Marcelo Vanzin
>            Assignee: Marcelo Vanzin
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Currently there's code scattered in a few places to deal with different HTTP-related security features, such as XSS protection.
> The current approach makes it hard to verify that these are applied uniformly across all of Spark.
> We should centralize this code and enforce that it's applied to all UI handlers.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org