Yusaku Sako created AMBARI-7344:
-----------------------------------
Summary: CSRF Prevention is broken for the /proxy endpoint
Key: AMBARI-7344
URL: https://issues.apache.org/jira/browse/AMBARI-7344
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 1.7.0
Reporter: Yusaku Sako
Priority: Critical
Fix For: 1.7.0
The CSRF prevention filter on the /proxy endpoint was effective for 1.6.1.
In trunk, this is broken.
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java#L383
The code is referring to an incorrect filter class.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
