Gabriella Lotz has uploaded this change for review. ( http://gerrit.cloudera.org:8080/23657 )
Change subject: [webserver] Restrict UI pages to GET/HEAD methods only
......................................................................

[webserver] Restrict UI pages to GET/HEAD methods only

Currently, the web server UI pages return 200 OK regardless of the HTTP method used. Display pages like "/", "/tables", "/tablet-servers" accept POST, PUT, DELETE and other methods even though they're purely informational read-only pages. This could lead to unintended interactions and doesn't follow HTTP best practices.

This patch adds HTTP method validation for display pages. Pages registered with StyleMode::STYLED (human-readable UI pages with CSS and navigation) now only accept GET and HEAD requests. Other HTTP methods (POST, PUT, DELETE, etc.) return 405 Method Not Allowed with an appropriate Allow header.

Functional endpoints like /metrics, and REST API endpoints registered with StyleMode::UNSTYLED or StyleMode::JSON, continue to accept all HTTP methods as before, since they may legitimately need POST for operations.

The design uses StyleMode as a signal for method restrictions since STYLED pages are semantically read-only displays for human viewing, while functional endpoints are machine-consumable and may need to accept writes. This approach requires no API changes and automatically applies the correct restrictions based on existing semantics.

Change-Id: Ie232bd50785bb750ecaa0a7e19403e573ac193eb
---
M src/kudu/server/webserver-test.cc
M src/kudu/server/webserver.cc
2 files changed, 83 insertions(+), 0 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/57/23657/1

--
To view, visit http://gerrit.cloudera.org:8080/23657
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie232bd50785bb750ecaa0a7e19403e573ac193eb
Gerrit-Change-Number: 23657
Gerrit-PatchSet: 1
Gerrit-Owner: Gabriella Lotz <[email protected]>
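The method-gating rule the commit message describes, written out as an added stand-alone C++ example (not Kudu's code and not the contents of this change; the names StyleMode, Response, CheckMethod, Dispatch and the registry entries are assumptions for illustration, and the "/api/v1/foo" path is constructed sample data). It shows the one decision the design hinges on: STYLED handlers answer 405 with an Allow header for anything but GET/HEAD, while UNSTYLED and JSON handlers are left untouched.

```cpp
// Added example, not Kudu's implementation: a minimal model of per-handler
// HTTP method validation keyed on the handler's StyleMode.
#include <map>
#include <set>
#include <string>

// Assumed enum mirroring the three registration modes named in the change.
enum class StyleMode { STYLED, UNSTYLED, JSON };

// Assumed minimal response: status code plus the Allow header value, which
// RFC 7231 requires on a 405 so clients learn what the resource supports.
struct Response {
  int status;
  std::string allow;  // empty unless status == 405
};

// Methods a STYLED (human-readable, read-only) page accepts. HTTP method
// tokens are case-sensitive, so "get" is deliberately not matched.
static const std::set<std::string>& ReadOnlyMethods() {
  static const std::set<std::string> kMethods = {"GET", "HEAD"};
  return kMethods;
}

// Only STYLED handlers are restricted; UNSTYLED and JSON handlers may need
// POST for operations, so every method passes through for them.
Response CheckMethod(StyleMode mode, const std::string& method) {
  if (mode != StyleMode::STYLED) return {200, ""};
  if (ReadOnlyMethods().count(method) != 0) return {200, ""};
  return {405, "GET, HEAD"};
}

// Stand-in for the webserver's handler table (constructed sample data).
using Registry = std::map<std::string, StyleMode>;

Registry SampleRegistry() {
  return {
      {"/", StyleMode::STYLED},
      {"/tables", StyleMode::STYLED},
      {"/tablet-servers", StyleMode::STYLED},
      {"/metrics", StyleMode::UNSTYLED},
      {"/api/v1/foo", StyleMode::JSON},  // hypothetical JSON endpoint
  };
}

// Dispatch order matters: the method check runs before the handler body, so
// a rejected POST never executes the page's rendering code.
Response Dispatch(const Registry& reg, const std::string& method,
                  const std::string& path) {
  auto it = reg.find(path);
  if (it == reg.end()) return {404, ""};
  return CheckMethod(it->second, method);
}
```

Two caveats worth keeping in mind when reviewing a change of this shape: rejecting POST on display pages is HTTP hygiene, not CSRF protection, since anything a GET already does remains reachable by a cross-site GET; and the Allow header must list exactly the methods the handler honours, so if HEAD is served by the same code path as GET it belongs in the header as shown here.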
