Posted to commits@storm.apache.org by pt...@apache.org on 2015/05/15 20:56:37 UTC

[11/12] storm git commit: remove CSRF doc brought in by cherry-pick

remove CSRF doc brought in by cherry-pick


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/29a32ff5
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/29a32ff5
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/29a32ff5

Branch: refs/heads/0.10.x-branch
Commit: 29a32ff50519ad1c0cb232be7890f2b635cadfad
Parents: d3eeb74
Author: P. Taylor Goetz <pt...@gmail.com>
Authored: Fri May 15 14:32:18 2015 -0400
Committer: P. Taylor Goetz <pt...@gmail.com>
Committed: Fri May 15 14:32:18 2015 -0400

----------------------------------------------------------------------
 STORM-UI-REST-API.md | 35 -----------------------------------
 1 file changed, 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/29a32ff5/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 6d1b8bb..e663136 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -573,42 +573,8 @@ Sample response:
 }
 ```
 
-### /api/v1/token (GET)
-
-Returns a anti forgery token to use in POST calls
-
-Response fields:
-
-|Field  |Value |Description|
-|antiForgeryToken| String | CSRF token|
-
-Sample response:
-
-```json
-{
-    "antiForgeryToken": "Dygf1UHQF7qL0syKLTKEGSX5y0rZhhQTxS2f/WWwI2PhN1zmRdh8MQ1KTd5CXRmjMVmAJ43eklqYmvD5"
-}
-```
-
 ## POST Operations
 
-### Cross site request forgery (CSRF) prevention in POST requests
-
-In order to prevent CSRF vulnerability, the REST API uses a CSRF token. This is primarily done for the UI, however we
-do not have alternative APIs/paths for UI and non-UI clients.
-
-The token is generated during the `/api/v1/topology/:id` (GET) request. The JSON response for this GET request contains
-a field called "antiForgeryToken". All the post requests below must include a header "x-csrf-token" with the value of
-"antiForgeryToken" from the GET response. In absence of this header with the right token value you will get following
-error response:
-
-```
-{
-    "error" : "Forbidden action.",
-    "errorMessage" : "missing CSRF token."
-}
-```
-
 ### /api/v1/uploadTopology (POST)
 
 uploads a topology.
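Review bot: With the "Cross site request forgery (CSRF) prevention in POST requests" section and the `/api/v1/token (GET)` entry deleted, nothing under "## POST Operations" tells a reader whether POST calls on 0.10.x-branch need an `x-csrf-token` header, and the commit message ("brought in by cherry-pick") does not say so either. Please state in the commit message, or in one sentence under "## POST Operations", that the REST API on this branch does not check the token, so a client written against the removed text knows the "missing CSRF token." error does not apply here. If the server on this branch does enforce the header, the section should stay and be corrected instead: the removed text disagrees with itself about where the token comes from (`/api/v1/token` in the first block, `/api/v1/topology/:id` in the second).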
@@ -628,7 +594,6 @@ Examples:
 
 ```no-highlight
 curl  -i -b ~/cookiejar.txt -c ~/cookiejar.txt -X POST  
--H 'x-csrf-token: ycit8Wi89ZdAOo9KKaka/Pvd0vnx8TZzP8xSDDSw8J8bTfyn4jz38VN4Xcb7CF6xigRzDLaGVHbrSj80'  
 -F topologyConfig='{"topologyMainClass": "storm.starter.WordCountTopology", "topologyMainClassArgs": ["wordcount1"]}' 
 -F topologyJar=@examples/storm-starter/storm-starter-topologies-0.10.0-SNAPSHOT.jar 
 http://localhost:8080/api/v1/uploadTopology
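Review bot: The curl example still passes `-b ~/cookiejar.txt -c ~/cookiejar.txt` once the `-H 'x-csrf-token: ...'` line is gone; if the cookie jar was only there to carry the session that the token belonged to, drop it in the same change, otherwise add a sentence saying what the cookies are needed for. Separately, the continuation lines of the command (`-F topologyConfig=...`, `-F topologyJar=...`, the URL) have no trailing backslash, so the example cannot be pasted as a single command as written; worth fixing while this block is being touched.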