You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@storm.apache.org by bo...@apache.org on 2015/02/03 20:33:03 UTC

[3/4] storm git commit: Merge branch 'STORM-608' of https://github.com/harshach/incubator-storm into STORM-608

Merge branch 'STORM-608' of https://github.com/harshach/incubator-storm into STORM-608

STORM-608: Storm UI CSRF escape characters not work correctly.


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/01e6b12f
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/01e6b12f
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/01e6b12f

Branch: refs/heads/master
Commit: 01e6b12fc9a62e496998cd84f18991b50fc542d9
Parents: 1f35f41 8f35304
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Feb 3 12:56:47 2015 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Tue Feb 3 12:56:47 2015 -0600

----------------------------------------------------------------------
 STORM-UI-REST-API.md                          | 21 +++++++++++++++++++++
 storm-core/src/clj/backtype/storm/ui/core.clj |  2 ++
 2 files changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/01e6b12f/storm-core/src/clj/backtype/storm/ui/core.clj
----------------------------------------------------------------------
diff --cc storm-core/src/clj/backtype/storm/ui/core.clj
index 1b78a65,dddfaac..b36a7a9
--- a/storm-core/src/clj/backtype/storm/ui/core.clj
+++ b/storm-core/src/clj/backtype/storm/ui/core.clj
@@@ -898,12 -901,11 +898,14 @@@
         (let [user (.getUserName http-creds-handler servlet-request)]
           (assert-authorized-user servlet-request "getTopology" (topology-config id))
           (json-response (component-page id component (:window m) (check-include-sys? (:sys m)) user) (:callback m))))
+   (GET "/api/v1/token" [ & m]
+        (json-response (format "{\"antiForgeryToken\": \"%s\"}" *anti-forgery-token*) (:callback m) :serialize-fn identity))
    (POST "/api/v1/topology/:id/activate" [:as {:keys [cookies servlet-request]} id]
      (with-nimbus nimbus
 -      (let [tplg (.getTopologyInfo ^Nimbus$Client nimbus id)
 +      (let [tplg (->> (doto
 +                        (GetInfoOptions.)
 +                        (.set_num_err_choice NumErrorsChoice/NONE))
 +                      (.getTopologyInfoWithOpts ^Nimbus$Client nimbus id))
              name (.get_name tplg)]
          (assert-authorized-user servlet-request "activate" (topology-config id))
          (.activate nimbus name)