Eric Yang created HADOOP-14967: ---------------------------------- Summary: Use jetty CORS filter for web interface Key: HADOOP-14967 URL: https://issues.apache.org/jira/browse/HADOOP-14967 Project: Hadoop Common Issue Type: Bug Reporter: Eric Yang
Hadoop CORS filter only prevent iframe from embedding Hadoop UI. It would be nice to use standard jetty CORS filter to improve control of CORS filtering. A standard approach is to add this section of code in web.xml: {code} <web-app> <filter> <filter-name>cross-origin</filter-name> <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class> <init-param> <param-name>allowedOrigins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>allowedMethods</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>allowedHeaders</param-name> <param-value>*</param-value> </init-param> </filter> <filter-mapping> <filter-name>cross-origin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app> {code} and pom.xml: {code} <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-servlets</artifactId> <version>${jetty.version}</version> </dependency> {code} Hadoop web application are written with embedding Jetty. This is most likely translate to a callable class to initialize web filter using standard jetty web filter, when {{hadoop.http.cross-origin.enabled}} is set to true. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org