You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Nate Cole (JIRA)" <ji...@apache.org> on 2016/10/24 15:36:58 UTC
[jira] [Created] (AMBARI-18680) Disallow POST and PUT operations on
a cluster
Nate Cole created AMBARI-18680:
----------------------------------
Summary: Disallow POST and PUT operations on a cluster
Key: AMBARI-18680
URL: https://issues.apache.org/jira/browse/AMBARI-18680
Project: Ambari
Issue Type: Task
Reporter: Nate Cole
Assignee: Nate Cole
Priority: Critical
Fix For: 2.5.0
When invoking an Offline Upgrade, the server should be restricted for operation by the web client.
* We can add a servlet filter to restrict this, then use a {{cluster-env}} property to indicate when the API should be locked down.
* PUT/POST should all be disallowed
** Except when passing a custom header with calls that allows the functionality.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)