You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Troy Melhase (JIRA)" <ji...@apache.org> on 2019/04/19 19:11:00 UTC

[jira] [Comment Edited] (NIFI-6019) Remove Trusted Hostname property from InvokeHTTP processor

    [ https://issues.apache.org/jira/browse/NIFI-6019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822138#comment-16822138 ] 

Troy Melhase edited comment on NIFI-6019 at 4/19/19 7:10 PM:
-------------------------------------------------------------

Removing the property breaks existing processors.  Left a comment in the PR:

https://github.com/apache/nifi/pull/3436

Not sure the best approach to resolve the header issue.  Perhaps:

- when using dynamic properties to set headers, skip any in a static exclusion list (containing "Trusted Name")
- when setting headers, escape the header name to avoid the exception
- clean/remove/migrate any existing instances of the property



was (Author: tmelhase):
Removing the property breaks existing processors.  Left a comment in the PR:

https://github.com/apache/nifi/pull/3441

Not sure the best approach to resolve the header issue.  Perhaps:

- when using dynamic properties to set headers, skip any in a static exclusion list (containing "Trusted Name")
- when setting headers, escape the header name to avoid the exception
- clean/remove/migrate any existing instances of the property


> Remove Trusted Hostname property from InvokeHTTP processor
> ----------------------------------------------------------
>
>                 Key: NIFI-6019
>                 URL: https://issues.apache.org/jira/browse/NIFI-6019
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.8.0
>            Reporter: Andy LoPresto
>            Assignee: Troy Melhase
>            Priority: Major
>              Labels: InvokeHTTP, certificate, hostname, http, security, tls
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The {{Trusted Hostname}} property in the {{InvokeHTTP}} processor is a legacy property created for a specific use in constrained environments. It now causes more problems than it solves ([mailing list questions|https://lists.apache.org/list.html?users@nifi.apache.org:gte=1d:trusted%20hostname]) and should not be provided as it is a security risk. Removing this property and encouraging users to correctly deploy TLS certificates when necessary is the correct path forward. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)