You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Yusaku Sako (JIRA)" <ji...@apache.org> on 2014/05/16 13:06:13 UTC
[jira] [Updated] (AMBARI-4338) Proper error message required for
CSRF protection error
[ https://issues.apache.org/jira/browse/AMBARI-4338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yusaku Sako updated AMBARI-4338:
--------------------------------
Fix Version/s: (was: 1.6.0)
1.6.1
> Proper error message required for CSRF protection error
> -------------------------------------------------------
>
> Key: AMBARI-4338
> URL: https://issues.apache.org/jira/browse/AMBARI-4338
> Project: Ambari
> Issue Type: Task
> Affects Versions: 1.4.2
> Reporter: Yusaku Sako
> Fix For: 1.6.1
>
>
> Ambari Server requires non-GET calls to be made with the "X-Requested-By" HTTP header.
> When a request made without the header (and CSRF option is turned on, which is the default), it fails with error code 400 without any useful message.
> The error message should clearly indicate that CSRF is turned on and that X-Requested-By HTTP header is required.
--
This message was sent by Atlassian JIRA
(v6.2#6252)