You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Jerry He (JIRA)" <ji...@apache.org> on 2016/02/01 23:14:39 UTC

[jira] [Commented] (HBASE-15187) Integrate CSRF prevention filter to REST gateway

    [ https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127147#comment-15127147 ] 

Jerry He commented on HBASE-15187:
----------------------------------

A couple of comments.

1.  In the rest.client.Client.java, there is a method addExtraHeader(). 
Is it possible to use this method instead of adding the extra parameter in the request methods (PUT, DELETE)?  Otherwise, do you need to add to other methods as well (POST)?

2. I am not sure if we want to include the RestCsrfPreventionFilter into HBase.
Given it is not in any Hadoop release yet, it probably depends on the urgency of the risk.

Other than these, the patch looks good.

> Integrate CSRF prevention filter to REST gateway
> ------------------------------------------------
>
>                 Key: HBASE-15187
>                 URL: https://issues.apache.org/jira/browse/HBASE-15187
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>         Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard against cross-site request forgery attacks.
> This issue tracks the integration of that filter into HBase REST gateway.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)