[ https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15127217#comment-15127217 ]
Jerry He commented on HBASE-15187: ---------------------------------- bq. In the modified tests, REST calls with and without extra header are interleaved. Ok. But what is better for public users? Another minor: Should we use hbase.rest-csrf.enabled, or hbase.rest.csrf.enabled? In the webhdfs patch, they used rest-csrf. In hbase-rest module, we normally use 'hbase.rest.xxx'. > Integrate CSRF prevention filter to REST gateway > ------------------------------------------------ > > Key: HBASE-15187 > URL: https://issues.apache.org/jira/browse/HBASE-15187 > Project: HBase > Issue Type: Bug > Reporter: Ted Yu > Assignee: Ted Yu > Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch > > > HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard > against cross-site request forgery attacks. > This issue tracks the integration of that filter into HBase REST gateway. -- This message was sent by Atlassian JIRA (v6.3.4#6332)