Eric Yang created HADOOP-14967:
----------------------------------
Summary: Use jetty CORS filter for web interface
Key: HADOOP-14967
URL: https://issues.apache.org/jira/browse/HADOOP-14967
Project: Hadoop Common
Issue Type: Bug
Reporter: Eric Yang
Hadoop CORS filter only prevent iframe from embedding Hadoop UI. It would be
nice to use standard jetty CORS filter to improve control of CORS filtering. A
standard approach is to add this section of code in web.xml:
{code}
<web-app>
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>allowedHeaders</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
{code}
and pom.xml:
{code}
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlets</artifactId>
<version>${jetty.version}</version>
</dependency>
{code}
Hadoop web application are written with embedding Jetty. This is most likely
translate to a callable class to initialize web filter using standard jetty web
filter, when {{hadoop.http.cross-origin.enabled}} is set to true.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
