You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/07/12 03:02:11 UTC
[GitHub] [nifi] exceptionfactory opened a new pull request, #6198: NIFI-10196 Correct Jolt UI CSRF Header Handling
exceptionfactory opened a new pull request, #6198:
URL: https://github.com/apache/nifi/pull/6198
# Summary
[NIFI-10196](https://issues.apache.org/jira/browse/NIFI-10196) Corrects Cross Site Request Forgery header handling in the advanced user interface for the `JoltTransformJSON` Processor.
Previous adjustments for CSRF handling in [NIFI-9339](https://issues.apache.org/jira/browse/NIFI-9339) set the `Request-Token` header during initialization, but the approach does not handle subsequent requests when the CSRF cookie value changes.
The corrected approach uses [AngularJS XSRF Protection](https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection) request interception based configuring the `xsrfCookieName` and `xsrfHeaderName` properties of the HTTP service. The standard AngularJS XSRF interceptor reads the cookie value and sets the request header for each request to leverage the current value.
# Tracking
Please complete the following tracking steps prior to pull request creation.
### Issue Tracking
- [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
### Pull Request Tracking
- [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
- [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000`
### Pull Request Formatting
- [X] Pull Request based on current revision of the `main` branch
- [X] Pull Request refers to a feature branch with one commit containing changes
# Verification
Please indicate the verification steps performed prior to pull request creation.
### Build
- [X] Build completed using `mvn clean install -P contrib-check`
- [X] JDK 8
- [ ] JDK 11
- [ ] JDK 17
### Licensing
- [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
- [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
### Documentation
- [ ] Documentation formatting appears as expected in rendered files
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] mattyb149 commented on pull request #6198: NIFI-10196 Correct Jolt UI CSRF Header Handling
Posted by GitBox <gi...@apache.org>.
mattyb149 commented on PR #6198:
URL: https://github.com/apache/nifi/pull/6198#issuecomment-1183594565
+1 LGTM, verified I could not reproduce the issue once the PR was in place. Thanks for the fix! Merging to main
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nifi] mattyb149 closed pull request #6198: NIFI-10196 Correct Jolt UI CSRF Header Handling
Posted by GitBox <gi...@apache.org>.
mattyb149 closed pull request #6198: NIFI-10196 Correct Jolt UI CSRF Header Handling
URL: https://github.com/apache/nifi/pull/6198
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org