[
https://issues.apache.org/jira/browse/HDFS-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13847826#comment-13847826
]
Haohui Mai commented on HDFS-5661:
----------------------------------
I'm curious how you manage to pass the cookie to the datanode. Even with your
patch, the cookies should not be passed from the namenode and the datanode.
The browser is not supposed to shared the cookies. An origin is defined by the
scheme, host, and port of a URL[1], where two hosts with the same hostname but
different ports are considered different origins.
The browsers implement the same-origin policy, where the cookies are isolated
in different origins [2].
[1] http://www.w3.org/Security/wiki/Same_Origin_Policy
[2] https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip
> address
> ------------------------------------------------------------------------------------
>
> Key: HDFS-5661
> URL: https://issues.apache.org/jira/browse/HDFS-5661
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.2.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HDFS-5661.patch
>
>
> If authentication is enabled on the web ui, then a cookie is used to keep
> track of the authentication information. There is normally a domain
> associated with the cookie. Since ip address doesn't have any domain , the
> cookie will not be sent by the browser while making http calls with ip
> address as the destination server.
> This will break browsing files system via web ui , if authentication is
> enabled.
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip
> address.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
