Posted to yarn-dev@hadoop.apache.org by "Jonathan Eagles (JIRA)" <ji...@apache.org> on 2014/09/09 22:42:28 UTC
[jira] [Created] (YARN-2528) Cross Origin Filter Http response split vulnerability protection rejects valid origins
Jonathan Eagles created YARN-2528:
-------------------------------------
Summary: Cross Origin Filter Http response split vulnerability protection rejects valid origins
Key: YARN-2528
URL: https://issues.apache.org/jira/browse/YARN-2528
Project: Hadoop YARN
Issue Type: Sub-task
Components: timelineserver
Reporter: Jonathan Eagles
Assignee: Jonathan Eagles
URLEncoding is too strong of a protection for HTTP Response Split Vulnerability protection and major browsers reject the encoded Origin. An adequate protection is simply to remove all CRs and LFs, as in the case of PHP's header function.
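The two protections compared in the issue, as an added example that is not part of the original message and not the Hadoop filter's own code. The class name, helper names and sample origins are constructed for illustration, and the browser check is simplified to an exact string comparison against the Origin that was sent.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class OriginHeaderDemo {

    // The protection the issue calls too strong: URL-encode the whole Origin value.
    static String urlEncode(String origin) throws UnsupportedEncodingException {
        return URLEncoder.encode(origin, "UTF-8");
    }

    // The protection the issue proposes: drop every CR and LF, keep everything else.
    static String stripCrLf(String origin) {
        StringBuilder out = new StringBuilder(origin.length());
        for (int i = 0; i < origin.length(); i++) {
            char c = origin.charAt(i);
            if (c != '\r' && c != '\n') {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Simplified model (assumption): the browser accepts the echoed
    // Access-Control-Allow-Origin value only if it equals the Origin it sent.
    static boolean browserAccepts(String requestOrigin, String allowOriginHeader) {
        return requestOrigin.equals(allowOriginHeader);
    }

    // A value without CR or LF cannot end the header line early.
    static boolean isSingleHeaderLine(String value) {
        return value.indexOf('\r') < 0 && value.indexOf('\n') < 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a normal origin and one carrying CR LF.
        String[] origins = {
            "http://ui.example.com:8080",
            "http://ui.example.com\r\nX-Constructed: 1"
        };
        for (String origin : origins) {
            for (String value : new String[] { urlEncode(origin), stripCrLf(origin) }) {
                System.out.printf("header=[%s] singleLine=%b browserAccepts=%b%n",
                        value, isSingleHeaderLine(value), browserAccepts(origin, value));
            }
        }
    }
}
```

Both approaches keep the value on a single header line, but URL-encoding also rewrites the ":" and "/" of a legitimate origin, so the echoed value no longer equals what the browser sent.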