adoroszlai commented on PR #8933: URL: https://github.com/apache/ozone/pull/8933#issuecomment-3178152408
> The custom headers we added (like `X-Requested-With: OzoneAdminCLI`) ensure that only our OZONE CLI can trigger the rebuild - browsers and casual web requests get blocked. Not really. Browsers and tools like `curl` can send custom HTTP headers. This should require authentication and proper admin privilege check in Recon to prevent DoS attacks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
