[
https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127217#comment-15127217
]
Jerry He commented on HBASE-15187:
----------------------------------
bq. In the modified tests, REST calls with and without extra header are
interleaved.
Ok. But what is better for public users?
Another minor:
Should we use hbase.rest-csrf.enabled, or hbase.rest.csrf.enabled?
In the webhdfs patch, they used rest-csrf. In hbase-rest module, we normally
use 'hbase.rest.xxx'.
> Integrate CSRF prevention filter to REST gateway
> ------------------------------------------------
>
> Key: HBASE-15187
> URL: https://issues.apache.org/jira/browse/HBASE-15187
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Ted Yu
> Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard
> against cross-site request forgery attacks.
> This issue tracks the integration of that filter into HBase REST gateway.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
