You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by GitBox <gi...@apache.org> on 2021/06/01 08:32:10 UTC

[GitHub] [drill] Leon-WTF commented on a change in pull request #2225: DRILL-7922: Add import profile function

Leon-WTF commented on a change in pull request #2225:
URL: https://github.com/apache/drill/pull/2225#discussion_r642895394



##########
File path: exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUtils.java
##########
@@ -55,7 +55,10 @@
   public static String getCsrfTokenFromHttpRequest(HttpServletRequest request) {
     // No need to create a session if not present (i.e. if a user is logged in)
     HttpSession session = request.getSession(false);
-    return session == null ? "" : (String) session.getAttribute(WebServerConstants.CSRF_TOKEN);
+    String res = session == null ? "" :
+      (String) session.getAttribute(WebServerConstants.CSRF_TOKEN);
+    // In case session is created when authentication is disabled
+    return res == null ? "" : res;

Review comment:
       if drill.exec.security.user.auth.enabled=false, WebServerConstants.CSRF_TOKEN attribute will not be added into the session, after I created the session, this function will return null, which will cause exception when rending the profile page




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org