Alon Bar-Lev has posted comments on this change.

Change subject: restapi: Add CSRF protection filter
......................................................................

Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/26578/2/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/CSRFProtectionFilter.java
File backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/security/CSRFProtectionFilter.java:

Line 94:
Line 95:     /**
Line 96:      * The name of the header that should contain the session identifier.
Line 97:      */
Line 98:     private static final String SESSION_ID_HEADER_NAME = "JSESSIONID";
Can we have our own independent header name? JSESSIONID is something of J2EE while we are at our own.

I suggest to prefix this with X-OVIRT or anything that can be unique for our component.

Line 99:
Line 100:     /**
Line 101:      * The name of the function inside the script used to check if the request is trusted.
Line 102:      */

--
To view, visit http://gerrit.ovirt.org/26578

Gerrit-MessageType: comment
Gerrit-Change-Id: I68f03eeefe5bcb1956036b4a80fef4400c467346
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Sandro Bonazzola <[email protected]>
Gerrit-Reviewer: Vojtech Szocs <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
