Larry McCay created KNOX-198:
--------------------------------
Summary: CSRF header support
Key: KNOX-198
URL: https://issues.apache.org/jira/browse/KNOX-198
Project: Apache Knox
Issue Type: New Feature
Components: ClientDSL, Server
Affects Versions: 0.3.0
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.4.0
Determine the approach for CSRF prevention and how to align with the protection
that needs to be provided at the service endpoints themselves. The services
need to provide this for when Knox is not deployed.
Does Knox just pass through the custom header that is sent by the client?
Does Knox have its own relationship and established header value with the
services?
How do we communicate the required header values and names to the Knox clients
of various types - including Knox ClientDSL?
--
This message was sent by Atlassian JIRA
(v6.1#6144)
