[jira] [Commented] (AMBARI-3758) Make Ambari Web changes for CSRF prevention

Antonenko Alexander (JIRA) Wed, 13 Nov 2013 07:16:15 -0800

    [ 
https://issues.apache.org/jira/browse/AMBARI-3758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13821408#comment-13821408
 ]


Antonenko Alexander commented on AMBARI-3758:
---------------------------------------------

+1 for the patch

> Make Ambari Web changes for CSRF prevention
> -------------------------------------------
>
>                 Key: AMBARI-3758
>                 URL: https://issues.apache.org/jira/browse/AMBARI-3758
>             Project: Ambari
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.4.2
>            Reporter: Oleg Nechiporenko
>            Assignee: Oleg Nechiporenko
>             Fix For: 1.4.2
>
>         Attachments: AMBARI-3758.patch
>
>
> Basically, Ambari Web needs to pass the extra "X-Requested-By" HTTP header 
> for *ALL* POST, PUT, and DELETE calls.  No changes will be made to GET calls 
> (though it is OK to pass this extra HTTP header for GET calls if it's easier 
> to implement that way).



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (AMBARI-3758) Make Ambari Web changes for CSRF prevention

Reply via email to