You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2017/07/20 19:44:00 UTC
[jira] [Commented] (KNOX-984) Knox dropping request body for http
DELETE requests
[ https://issues.apache.org/jira/browse/KNOX-984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16095254#comment-16095254 ]
Larry McCay commented on KNOX-984:
----------------------------------
I agree that the Ranger API here is using a poorly formed URL and IMO invalid.
The patch looks like a decent hack to allow such invalid operations and probably makes sense to use for all DELETEs.
My question is whether there needs to be a check before adding the entity to make sure it isn't null or otherwise invalid.
What if it is an empty body?
What if it is null?
What if it is an empty JSON "{}"?
> Knox dropping request body for http DELETE requests
> ---------------------------------------------------
>
> Key: KNOX-984
> URL: https://issues.apache.org/jira/browse/KNOX-984
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.13.0
> Reporter: Sandeep More
> Assignee: Sandeep More
> Fix For: 0.13.0
>
> Attachments: KNOX-984.001.patch
>
>
> The problem is with the deleting users in Ranger when proxied through Knox.
> The issue is the DELETE http request. Ranger appears to be sending the delete data (user to be deleted) as message body.
> [https://tools.ietf.org/html/rfc2616#section-4.3 http/1.1 specs] are not clear on whether DELETE should support method body or not, it explicitly states so, for PUT and POST though. As a result HttpClient implementation does not support request body and the the request body is dropped (see org.apache.http.client.methods.HttpDelete) which is the problem we are seeing here.
>
> It appears to me that the REST api implementation for DELETE appears to be non-standard for Ranger.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)