Yanbo Liang created SPARK-15440:
-----------------------------------

             Summary: Add CSRF Filter for REST APIs to Spark
                 Key: SPARK-15440
                 URL: https://issues.apache.org/jira/browse/SPARK-15440
             Project: Spark
          Issue Type: New Feature
          Components: Deploy, Spark Core
            Reporter: Yanbo Liang

CSRF prevention for REST APIs can be provided through a common servlet filter. This filter would check for the existence of a custom HTTP header - such as X-XSRF-Header. The fact that CSRF attacks are entirely browser-based means that the above approach can ensure that requests are coming from either: applications served by the same origin as the REST API or that there is explicit policy configuration that allows the setting of a header on XMLHttpRequest from another origin.
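
A sketch of the kind of servlet filter the issue describes, added here as an illustration and not taken from Spark or from the issue. It assumes the javax.servlet API; the class name and the init-parameter names `custom-header` and `methods-to-ignore` are hypothetical, and exempting GET, HEAD, OPTIONS and TRACE assumes those handlers never change state.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration, not Spark code. Class name and init-parameter names
// ("custom-header", "methods-to-ignore") are hypothetical.
public class RestCsrfHeaderFilter implements Filter {
  private String headerName = "X-XSRF-Header";
  // Assumption: these methods are side-effect free. OPTIONS must pass because
  // a CORS preflight cannot carry the custom header itself.
  private Set<String> ignoredMethods =
      new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS", "TRACE"));

  @Override
  public void init(FilterConfig conf) throws ServletException {
    String h = conf.getInitParameter("custom-header");
    if (h != null && !h.trim().isEmpty()) headerName = h.trim();
    String m = conf.getInitParameter("methods-to-ignore");
    if (m != null) {
      ignoredMethods = new HashSet<>();
      for (String s : m.split(",")) {
        if (!s.trim().isEmpty()) ignoredMethods.add(s.trim().toUpperCase(Locale.ROOT));
      }
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest http = (HttpServletRequest) req;
    // Only the header's presence is checked; its value is not a secret.
    // A cross-origin form, link or image request cannot attach a custom
    // header, and a cross-origin XMLHttpRequest can do so only after the
    // server's CORS policy approves that header in a preflight.
    if (ignoredMethods.contains(http.getMethod()) || http.getHeader(headerName) != null) {
      chain.doFilter(req, res);
      return;
    }
    ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST,
        "Missing required header for CSRF protection: " + headerName);
  }

  @Override
  public void destroy() {}
}
```

The check is only as strong as the CORS configuration in front of it: allowing this header for arbitrary origins in `Access-Control-Allow-Headers` removes the protection.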