You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2016/04/12 23:18:52 UTC
[18/50] incubator-impala git commit: IMPALA-3072: Allow frame
embedding for webserver pages
IMPALA-3072: Allow frame embedding for webserver pages
Check that 'X-Frame-Options' HTTP header is set in a webserver replies.
Allow changing the value of the header and test that the value is
changed as server configuration is changed.
Change-Id: I091f00ce62f4ffc58c04459241aeb7a31e104bb4
Reviewed-on: http://gerrit.cloudera.org:8080/2299
Reviewed-by: Henry Robinson <he...@cloudera.com>
Tested-by: Internal Jenkins
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/97b52338
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/97b52338
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/97b52338
Branch: refs/heads/master
Commit: 97b523389e7604183c23574842bd6c35385aa7f5
Parents: 2d0b944
Author: oxpa <ii...@gmail.com>
Authored: Thu Feb 25 09:17:57 2016 +0300
Committer: Internal Jenkins <cl...@gerrit.cloudera.org>
Committed: Wed Mar 30 09:25:33 2016 +0000
----------------------------------------------------------------------
be/src/util/webserver-test.cc | 22 +++++++++++++++++++---
be/src/util/webserver.cc | 8 ++++++--
2 files changed, 25 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/97b52338/be/src/util/webserver-test.cc
----------------------------------------------------------------------
diff --git a/be/src/util/webserver-test.cc b/be/src/util/webserver-test.cc
index d119cc1..392334b 100644
--- a/be/src/util/webserver-test.cc
+++ b/be/src/util/webserver-test.cc
@@ -27,6 +27,7 @@ DECLARE_string(webserver_password_file);
DECLARE_string(webserver_certificate_file);
DECLARE_string(webserver_private_key_file);
DECLARE_string(webserver_private_key_password_cmd);
+DECLARE_string(webserver_x_frame_options);
#include "common/names.h"
@@ -296,14 +297,29 @@ TEST(Webserver, NoFrameEmbeddingTest) {
const string FRAME_TEST_PATH = "/frames_test";
Webserver webserver(FLAGS_webserver_port);
Webserver::UrlCallback callback = bind<void>(FrameCallback, _1, _2);
- webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw-text.tmpl", callback);
+ webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw_text.tmpl", callback);
ASSERT_OK(webserver.Start());
stringstream contents;
ASSERT_OK(HttpGet("localhost", FLAGS_webserver_port,
FRAME_TEST_PATH, &contents, 200));
- // Confirm that the embedded frame isn't rendered
- ASSERT_TRUE(contents.str().find("Metrics") == string::npos);
+ // Confirm that there is an HTTP header to deny framing
+ ASSERT_FALSE(contents.str().find("X-Frame-Options: DENY") == string::npos);
+}
+TEST(Webserver, FrameAllowEmbeddingTest) {
+ const string FRAME_TEST_PATH = "/frames_test";
+ ScopedFlagSetter<string> webserver_x_frame_options(&FLAGS_webserver_x_frame_options,
+ "ALLOWALL");
+ Webserver webserver(FLAGS_webserver_port);
+ Webserver::UrlCallback callback = bind<void>(FrameCallback, _1, _2);
+ webserver.RegisterUrlCallback(FRAME_TEST_PATH, "raw_text.tmpl", callback);
+ ASSERT_OK(webserver.Start());
+ stringstream contents;
+ ASSERT_OK(HttpGet("localhost", FLAGS_webserver_port,
+ FRAME_TEST_PATH, &contents, 200));
+
+ // Confirm that there is an HTTP header to allow framing
+ ASSERT_FALSE(contents.str().find("X-Frame-Options: ALLOWALL") == string::npos);
}
const string STRING_WITH_NULL = "123456789\0ABCDE";
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/97b52338/be/src/util/webserver.cc
----------------------------------------------------------------------
diff --git a/be/src/util/webserver.cc b/be/src/util/webserver.cc
index 8eb05ae..106e37a 100644
--- a/be/src/util/webserver.cc
+++ b/be/src/util/webserver.cc
@@ -92,6 +92,9 @@ DEFINE_string(webserver_password_file, "",
"(Optional) Location of .htpasswd file containing user names and hashed passwords for"
" debug webserver authentication");
+DEFINE_string(webserver_x_frame_options, "DENY",
+ "webserver will add X-Frame-Options HTTP header with this value");
+
static const char* DOC_FOLDER = "/www/";
static const int DOC_FOLDER_LEN = strlen(DOC_FOLDER);
@@ -138,11 +141,12 @@ string BuildHeaderString(ResponseCode response, ContentType content_type) {
static const string RESPONSE_TEMPLATE = "HTTP/1.1 $0 $1\r\n"
"Content-Type: text/$2\r\n"
"Content-Length: %d\r\n"
- "X-Frame-Options: DENY\r\n"
+ "X-Frame-Options: $3\r\n"
"\r\n";
return Substitute(RESPONSE_TEMPLATE, response, response == OK ? "OK" : "Not found",
- content_type == HTML ? "html" : "plain");
+ content_type == HTML ? "html" : "plain",
+ FLAGS_webserver_x_frame_options.c_str());
}
Webserver::Webserver()