Larry McCay created HADOOP-13008:
------------------------------------
Summary: Add XFS Filter for UIs to Hadoop Common
Key: HADOOP-13008
URL: https://issues.apache.org/jira/browse/HADOOP-13008
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 2.8.0
CSRF prevention for REST APIs can be provided through a common servlet filter.
This filter would check for the existence of an expected (configurable) HTTP
header - such as X-XSRF-Header.
The fact that CSRF attacks are entirely browser based means that the above
approach can ensure that requests are coming from either: applications served
by the same origin as the REST API or that there is explicit policy
configuration that allows the setting of a header on XmlHttpRequest from
another origin.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
