Hi Roshan, I haven't seen nor I'm aware of any protection like that but I don't think is required either. Flume http source doesn't enable CORS nor hosts any html, so that kind of attack is prevented by the browser. In general, I think is strange having a browser connected to Flume other than for testing purposes with a REST extension.
What is your especific concern/use case? You can always extend the http source to add such protection yourself if needed Regards, Gonzalo On Jan 8, 2016 9:08 PM, "Roshan Naik" <ros...@hortonworks.com> wrote: > My understanding is that Flume HTTP source does not have any protection > against Cross-Site Request Forgery (CSRF) attacks. Wanted to double check > with others if that is correct ? > > -roshan >