[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2018-04-26 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16455303#comment-16455303
 ] 

Hudson commented on HDFS-12693:
---

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #14070 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/14070/])
HDFS-12693. Ozone: Enable XFrame options for KSM/SCM web ui. Contributed 
(omalley: rev 731a69faa1d2454fbcb70262fd333d508042a0c7)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/ozone/web/OzoneHttpServer.java


> Ozone: Enable XFrame options for KSM/SCM web ui
> ---
>
> Key: HDFS-12693
> URL: https://issues.apache.org/jira/browse/HDFS-12693
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ozone
> Affects Versions: HDFS-7240
> Reporter: Elek, Marton
> Assignee: Elek, Marton
> Priority: Major
> Fix For: HDFS-7240
>
> Attachments: HDFS-12693-HDFS-7240.001.patch
>
>
> According to the discussion about security checklist on dev list I started to 
> check the security features of the existing HttpServer2 and found that by 
> default the XFrame option headers are disabled. This patch enables it by 
> default for SCM/KSM server similar to the Namenode/Datanode webui. 
> (Note: Even if the only form on the SCM/KSM ui-s is the standard LogLevel 
> form, I think it's a good practice to enable it by default.)
> Test:
> Without the patch (clean build, SCM ui):
> {code}
> curl -v localhost:9876/jmx -o /dev/null
> * TCP_NODELAY set
> * Connected to localhost (::1) port 9876 (#0)
> > GET /jmx HTTP/1.1
> > Host: localhost:9876
> > User-Agent: curl/7.55.1
> > Accept: */*
> > 
> < HTTP/1.1 200 OK
> < Date: Sat, 21 Oct 2017 19:54:43 GMT
> < Cache-Control: no-cache
> < Expires: Sat, 21 Oct 2017 19:54:43 GMT
> < Date: Sat, 21 Oct 2017 19:54:43 GMT
> < Pragma: no-cache
> < Content-Type: application/json; charset=utf8
> < Access-Control-Allow-Methods: GET
> < Access-Control-Allow-Origin: *
> < Transfer-Encoding: chunked
> {code}
> With the patch:
> {code}
> curl -v localhost:9876/jmx -o /dev/null
> * Connected to localhost (::1) port 9876 (#0)
> > GET /jmx HTTP/1.1
> > Host: localhost:9876
> > User-Agent: curl/7.55.1
> > Accept: */*
> > 
> < HTTP/1.1 200 OK
> < Date: Sat, 21 Oct 2017 19:55:07 GMT
> < Cache-Control: no-cache
> < Expires: Sat, 21 Oct 2017 19:55:07 GMT
> < Date: Sat, 21 Oct 2017 19:55:07 GMT
> < Pragma: no-cache
> < Content-Type: application/json; charset=utf8
> < X-FRAME-OPTIONS: SAMEORIGIN
> < Access-Control-Allow-Methods: GET
> < Access-Control-Allow-Origin: *
> < Transfer-Encoding: chunked
> {code}
> Note: the X-FRAME-OPTIONS header exists in the second case.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org



[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2018-04-24 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16451090#comment-16451090
 ] 

Hudson commented on HDFS-12693:
---

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #14057 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/14057/])
HDFS-12693. Ozone: Enable XFrame options for KSM/SCM web ui. Contributed 
(aengineer: rev 27f412fad129b1df7bcb68e9153d33033175d936)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/ozone/web/OzoneHttpServer.java





[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2017-10-26 Thread Anu Engineer (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220802#comment-16220802
 ] 

Anu Engineer commented on HDFS-12693:
-

+1, I will commit this shortly.





[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2017-10-24 Thread Elek, Marton (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16216991#comment-16216991
 ] 

Elek, Marton commented on HDFS-12693:
-

Yes, it could be useful when a cluster management tool (like Ambari or Cloudera 
Manager) would like to include the webui as an iframe. I am not so familiar 
with the management tools, so I don't know if they use iframes now, but with the 
configuration it is possible to set "X-Frame-Options: ALLOW-FROM 
https://management.internal/"

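
The curl comparison from the issue description and the ALLOW-FROM value mentioned in the comment above, turned into an automated check. This is an added example, not code from the patch or from Hadoop; the function names and the sample header dumps are constructed for illustration. ALLOW-FROM is reported separately because current browsers ignore it, while a CSP `frame-ancestors` directive is what they honour for an allow-list.

```python
import re

# Constructed samples: response headers in `curl -v` format, modelled on the
# before/after output quoted in the issue description.
WITHOUT_PATCH = """\
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Content-Type: application/json; charset=utf8
< Access-Control-Allow-Origin: *
"""
WITH_PATCH = WITHOUT_PATCH + "< X-FRAME-OPTIONS: SAMEORIGIN\n"
ALLOW_FROM = (WITHOUT_PATCH
              + "< X-Frame-Options: ALLOW-FROM https://management.internal/\n")
CSP_ONLY = (WITHOUT_PATCH
            + "< Content-Security-Policy: default-src 'self'; "
              "frame-ancestors https://management.internal\n")

# curl -v prefixes response header lines with "< "; the status line has no
# "Name:" token and request lines start with ">", so neither matches.
HEADER_LINE = re.compile(r"^<\s*([A-Za-z0-9-]+):\s*(.*?)\s*$")


def response_headers(curl_verbose):
    """Collect response headers as {lower-cased name: [values]}."""
    headers = {}
    for line in curl_verbose.splitlines():
        match = HEADER_LINE.match(line)
        if match:
            headers.setdefault(match.group(1).lower(), []).append(match.group(2))
    return headers


def frame_ancestors(headers):
    """Return the frame-ancestors source list from a CSP header, or None."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None


def framing_policy(curl_verbose):
    """Classify how a response restricts being rendered inside a frame."""
    headers = response_headers(curl_verbose)
    ancestors = frame_ancestors(headers)
    if ancestors is not None:          # CSP takes precedence over X-Frame-Options
        return "csp:" + " ".join(ancestors)
    values = {v.strip().upper() for v in headers.get("x-frame-options", [])}
    if not values:
        return "unprotected"           # the "without the patch" case
    if len(values) > 1:
        return "invalid"               # conflicting X-Frame-Options headers
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return value.lower()           # the "with the patch" case
    if value.startswith("ALLOW-FROM"):
        return "obsolete-allow-from"   # ignored by current browsers
    return "invalid"
```

To check a live server, pass the stderr text of `curl -v` (for example the SCM UI on port 9876 used in the issue) to `framing_policy`.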



[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2017-10-23 Thread Anu Engineer (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16216103#comment-16216103
 ] 

Anu Engineer commented on HDFS-12693:
-

Quick question: In the original case X-Frames was an option since we had to 
worry about the backward compatibility. Do we have a case where people would not want 
X-Frame? That is, is there a case other than backward compatibility where we do 
not want X-Frame?




[jira] [Commented] (HDFS-12693) Ozone: Enable XFrame options for KSM/SCM web ui

2017-10-21 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-12693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16214125#comment-16214125
 ] 

Hadoop QA commented on HDFS-12693:
--

| (x) *-1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
| 0 | reexec | 16m 42s | Docker mode activated. |
|| || || || Prechecks ||
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
|| || || || HDFS-7240 Compile Tests ||
| +1 | mvninstall | 19m 59s | HDFS-7240 passed |
| +1 | compile | 1m 25s | HDFS-7240 passed |
| +1 | checkstyle | 0m 55s | HDFS-7240 passed |
| +1 | mvnsite | 1m 41s | HDFS-7240 passed |
| +1 | shadedclient | 15m 14s | branch has no errors when building and testing our client artifacts. |
| +1 | findbugs | 3m 19s | HDFS-7240 passed |
| +1 | javadoc | 1m 27s | HDFS-7240 passed |
|| || || || Patch Compile Tests ||
| +1 | mvninstall | 1m 28s | the patch passed |
| +1 | compile | 1m 18s | the patch passed |
| +1 | javac | 1m 18s | the patch passed |
| +1 | checkstyle | 0m 51s | the patch passed |
| +1 | mvnsite | 1m 51s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | shadedclient | 14m 24s | patch has no errors when building and testing our client artifacts. |
| +1 | findbugs | 3m 5s | the patch passed |
| +1 | javadoc | 1m 21s | the patch passed |
|| || || || Other Tests ||
| -1 | unit | 90m 43s | hadoop-hdfs in the patch failed. |
| +1 | asflicense | 0m 45s | The patch does not generate ASF License warnings. |
| | | 175m 41s | |

|| Reason || Tests ||
| Failed junit tests | hadoop.hdfs.TestReadStripedFileWithMissingBlocks |
| | hadoop.hdfs.TestDFSStripedOutputStreamWithFailure130 |
| | hadoop.hdfs.server.datanode.TestDataNodeVolumeFailure |
| Timed out junit tests | org.apache.hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureReporting |
| | org.apache.hadoop.hdfs.server.datanode.fsdataset.impl.TestScrLazyPersistFiles |
| | org.apache.hadoop.hdfs.server.datanode.fsdataset.impl.TestLazyPersistFiles |
| | org.apache.hadoop.hdfs.server.datanode.fsdataset.impl.TestLazyPersistReplicaPlacement |

|| Subsystem || Report/Notes ||
| Docker | Image:yetus/hadoop:71bbb86 |
| JIRA Issue | HDFS-12693 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12893430/HDFS-12693-HDFS-7240.001.patch |
| Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit shadedclient findbugs checkstyle |
| uname | Linux 9ff1c2750d28 3.13.0-129-generic #178-Ubuntu SMP Fri Aug 11 12:48:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
| git re