Posted to commits@storm.apache.org by pt...@apache.org on 2015/05/15 20:56:37 UTC
[11/12] storm git commit: remove CSRF doc brought in by cherry-pick
remove CSRF doc brought in by cherry-pick
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/29a32ff5
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/29a32ff5
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/29a32ff5
Branch: refs/heads/0.10.x-branch
Commit: 29a32ff50519ad1c0cb232be7890f2b635cadfad
Parents: d3eeb74
Author: P. Taylor Goetz <pt...@gmail.com>
Authored: Fri May 15 14:32:18 2015 -0400
Committer: P. Taylor Goetz <pt...@gmail.com>
Committed: Fri May 15 14:32:18 2015 -0400
----------------------------------------------------------------------
STORM-UI-REST-API.md | 35 -----------------------------------
1 file changed, 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/29a32ff5/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 6d1b8bb..e663136 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -573,42 +573,8 @@ Sample response:
}
```
-### /api/v1/token (GET)
-
-Returns a anti forgery token to use in POST calls
-
-Response fields:
-
-|Field |Value |Description|
-|antiForgeryToken| String | CSRF token|
-
-Sample response:
-
-```json
-{
- "antiForgeryToken": "Dygf1UHQF7qL0syKLTKEGSX5y0rZhhQTxS2f/WWwI2PhN1zmRdh8MQ1KTd5CXRmjMVmAJ43eklqYmvD5"
-}
-```
-
## POST Operations
-### Cross site request forgery (CSRF) prevention in POST requests
-
-In order to prevent CSRF vulnerability, the REST API uses a CSRF token. This is primarily done for the UI, however we
-do not have alternative APIs/paths for UI and non-UI clients.
-
-The token is generated during the `/api/v1/topology/:id` (GET) request. The JSON response for this GET request contains
-a field called "antiForgeryToken". All the post requests below must include a header "x-csrf-token" with the value of
-"antiForgeryToken" from the GET response. In absence of this header with the right token value you will get following
-error response:
-
-```
-{
- "error" : "Forbidden action.",
- "errorMessage" : "missing CSRF token."
-}
-```
-
### /api/v1/uploadTopology (POST)
uploads a topology.
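Review bot: After the removal under `## POST Operations`, nothing in this section says how the POST endpoints on 0.10.x handle CSRF, and the commit message gives only "brought in by cherry-pick" as the reason. Please state in the commit message that neither the `/api/v1/token` endpoint nor the `x-csrf-token` header check exists in this branch's code. If either is present, the deleted section should stay, because clients that receive the "missing CSRF token." error response would have no documentation explaining it. Note also that the deleted text disagreed with itself about where the token comes from (`/api/v1/token` in one place, the `/api/v1/topology/:id` GET response in the other), so if the text is restored it should be reconciled first.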
@@ -628,7 +594,6 @@ Examples:
```no-highlight
curl -i -b ~/cookiejar.txt -c ~/cookiejar.txt -X POST
--H 'x-csrf-token: ycit8Wi89ZdAOo9KKaka/Pvd0vnx8TZzP8xSDDSw8J8bTfyn4jz38VN4Xcb7CF6xigRzDLaGVHbrSj80'
-F topologyConfig='{"topologyMainClass": "storm.starter.WordCountTopology", "topologyMainClassArgs": ["wordcount1"]}'
-F topologyJar=@examples/storm-starter/storm-starter-topologies-0.10.0-SNAPSHOT.jar
http://localhost:8080/api/v1/uploadTopology
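Review bot: The `uploadTopology` example keeps `-b ~/cookiejar.txt -c ~/cookiejar.txt` after the `x-csrf-token` header line is dropped. If the cookie jar was only there to carry the session that the token was bound to, remove those options in the same change so the example does not imply a session requirement. If the UI still needs cookies for another reason, add a sentence next to the example saying why. Separately, the command lines shown here have no trailing `\` continuations, so the example cannot be pasted into a shell as written; consider fixing that while this block is being touched.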