...
>
> Still, this should be fixed. Please file a JIRA with your findings.
>
> Thanks,
> - Paul
>
>
>
> On Thursday, August 15, 2019, 8:33:19 PM PDT, Don Perial <
> perial...@gmail.com> wrote:
>
> It seems that there is no way to protect the WebUI from
Don Perial created DRILL-7351:
-
Summary: WebUI is Vulnerable to CSRF
Key: DRILL-7351
URL: https://issues.apache.org/jira/browse/DRILL-7351
Project: Apache Drill
Issue Type: Bug
It seems that there is no way to protect the WebUI from CSRF and the fact
that the value for the access-control-allow-origin header is '*' appears to
confound this issue as well. I have searched the documentation and also did
quite a bit of Googling but have not seen any references to this. Is this
