Hi Roshan,

I haven't seen nor I'm aware of any protection like that but I don't think
is required either.
Flume http source doesn't enable CORS nor hosts any html, so that kind of
attack is prevented by the browser.
In general, I think is strange having a browser connected to Flume other
than for testing purposes with a REST extension.

What is your especific concern/use case?
You can always extend the http source to add such protection yourself if
needed

Regards,
Gonzalo
On Jan 8, 2016 9:08 PM, "Roshan Naik" <ros...@hortonworks.com> wrote:

> My understanding is that  Flume HTTP source does not have any protection
> against Cross-Site Request Forgery (CSRF) attacks.  Wanted to double check
> with others if that is correct ?
>
> -roshan
>

Reply via email to