[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373756#comment-15373756 ] Jitendra Nath Pandey commented on HDFS-10579: - Ok, committed to branch-2.8, including the dependencies. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.8.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373453#comment-15373453 ] Larry McCay commented on HDFS-10579: I think that should be it. There isn't some reason to keep it out of 2.8 that I am missing - is there? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373375#comment-15373375 ] Jitendra Nath Pandey commented on HDFS-10579: - I committed this to branch-2 only, because the earlier jira HADOOP-12964 was only in branch-2. If we want it in 2.8, following two also must go to 2.8: HADOOP-12964 HADOOP-13352 Are there any other dependencies? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372063#comment-15372063 ] Larry McCay commented on HDFS-10579: [~jnp] - do we need this in branch-2.8 as well? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372045#comment-15372045 ] Jitendra Nath Pandey commented on HDFS-10579: - I have committed this to trunk and branch-2. Thanks [~anu]. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371865#comment-15371865 ] Hudson commented on HDFS-10579: --- SUCCESS: Integrated in Hadoop-trunk-Commit #10075 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10075/]) HDFS-10579. HDFS web interfaces lack configs for X-FRAME-OPTIONS (jitendra: rev c447efebdb92dcdf3d95e983036f53bfbed2c0b4) * hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml * hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/web/TestDatanodeHttpXFrame.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/web/DatanodeHttpServer.java * hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368962#comment-15368962 ] Jitendra Nath Pandey commented on HDFS-10579: - +1 for the latest patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368798#comment-15368798 ] Anu Engineer commented on HDFS-10579: - Test failures are not related to this patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368784#comment-15368784 ] Hadoop QA commented on HDFS-10579: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 19s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 2 new or modified test files. {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 4s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 51s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 33s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 15s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 18s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 5s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 57s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 51s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 45s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 45s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 28s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 57s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 9s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 2s{color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 62m 45s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 22s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 83m 49s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.namenode.TestEditLog | | | hadoop.hdfs.server.blockmanagement.TestUnderReplicatedBlocks | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:9560f25 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816924/HDFS-10579.003.patch | | JIRA Issue | HDFS-10579 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux c63a83eed656 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 932aed6 | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | unit | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt | | Test Results | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/testReport/ | | modules | C: hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project/hadoop-hdfs | | Console output | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/console | | Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 >
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368521#comment-15368521 ] Hadoop QA commented on HDFS-10579: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s{color} | {color:blue} Docker mode activated. {color} | | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color} | {color:red} HDFS-10579 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816575/HDFS-10579.002.patch | | JIRA Issue | HDFS-10579 | | Console output | https://builds.apache.org/job/PreCommit-HDFS-Build/16010/console | | Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368511#comment-15368511 ] Jitendra Nath Pandey commented on HDFS-10579: - Please annotate getHttpServer method with @VisibleForTesting. It seems to be added only for tests. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15367032#comment-15367032 ] Anu Engineer commented on HDFS-10579: - [~haibochen] HDFS JIRAs cannot be made sub-tasks of COMMON jiras. I have made this JIRA dependent on the JIRA in common. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366916#comment-15366916 ] Larry McCay commented on HDFS-10579: [~anu] - This looks good. I will review the new patches when they arrive as well. Thanks for adding this! > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366858#comment-15366858 ] Anu Engineer commented on HDFS-10579: - [~haibochen] Thanks for the comments bq. xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them Just wanted to let you know that I will make this change and post that patch to the new Hadoop Common Jira that I will be creating based on your suggestion. I will tag on that Jira so that you can look at the changes. I should be able to post a patch by EOD. btw, looks like YARN addressed this issue in this patch. https://issues.apache.org/jira/browse/YARN-5076 > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366764#comment-15366764 ] Haibo Chen commented on HDFS-10579: --- Thanks [~anu] a lot for working on this! I totally did not notice compatibility issues on branch-2. A few comments. 1) xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them. 2) testHttpResonseContainsXFrameOptions, testHttpResonseContainsDeny and testHttpResonseContainsAllowFrom are the same except the x-frame-option config. You could have a common method that takes x-frame-option as a parameter and does the verification. Then the three test methods can simply call that method with different x-frame-option. 3) The patch touches both HttpServer2 which is in COMMON, and HDFS servers. Can you create a parent jira against COMMON to make HttpServer2 changes, then create a sub task against HDFS of that to make HDFS changes? Other components also uses HttpServer2, such as MR. If needed, we could add more subtasks for each of the components. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366700#comment-15366700 ] Anu Engineer commented on HDFS-10579: - Test Failures are not related to this patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15365845#comment-15365845 ] Hadoop QA commented on HDFS-10579: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 28s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 4 new or modified test files. {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 13s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 9s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 57s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 31s{color} | {color:green} trunk passed {color} | | {color:red}-1{color} | {color:red} mvnsite {color} | {color:red} 2m 11s{color} | {color:red} hadoop-common in trunk failed. {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 27s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 21s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 50s{color} | {color:green} trunk passed {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 12s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 33s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 2s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 7m 2s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 1m 26s{color} | {color:orange} root: The patch generated 1 new + 523 unchanged - 0 fixed = 524 total (was 523) {color} | | {color:red}-1{color} | {color:red} mvnsite {color} | {color:red} 2m 16s{color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 27s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s{color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 4m 26s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 47s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 16s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 79m 37s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 24s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}135m 34s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency | | Timed out junit tests | org.apache.hadoop.hdfs.TestLeaseRecovery2 | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:9560f25 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816575/HDFS-10579.002.patch | | JIRA Issue | HDFS-10579 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux cf5b006b3441 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / a3f93be | | Default Java | 1.8.0_91 | | mvnsite | https://builds.apache.org/job/PreCommit-HDFS-Build/15999/artifact/patchprocess/branch-mvnsite-hadoop-common-project_hadoop-common.txt | | findbugs | v3.0.0 |
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15365645#comment-15365645 ] Hadoop QA commented on HDFS-10579: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 24s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 4 new or modified test files. {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 13s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 9s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 59s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 52s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 29s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 10s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 38s{color} | {color:green} trunk passed {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 11s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 26s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 54s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 1m 28s{color} | {color:orange} root: The patch generated 6 new + 523 unchanged - 0 fixed = 529 total (was 523) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 55s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 26s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s{color} | {color:green} The patch has no ill-formed XML file. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 34s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 52s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 8m 23s{color} | {color:red} hadoop-common in the patch failed. {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 71m 19s{color} | {color:red} hadoop-hdfs in the patch failed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 26s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}122m 15s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.security.TestGroupsCaching | | | hadoop.hdfs.TestCrcCorruption | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:9560f25 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816553/HDFS-10579.001.patch | | JIRA Issue | HDFS-10579 | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml | | uname | Linux 91c8352d806a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / a3f93be | | Default Java | 1.8.0_91 | | findbugs | v3.0.0 | | checkstyle | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/diff-checkstyle-root.txt | | unit | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/patch-unit-hadoop-common-
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15363348#comment-15363348 ] Anu Engineer commented on HDFS-10579: - [~rkanter] [~haibochen] Tagging both of you to make sure that this JIRA is noticed by you. I will post a patch soon, would appreciate any feedback you might have. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 3.0.0-alpha1 > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org