Re: Flume HTTP source and CSRF vulnerability

2016-01-16 Thread Roshan Naik
Thanks!

On 1/16/16, 8:51 AM, "Ashish" wrote:
>IMHO, No. XSRF can happen with session based things where two parties
>are talking.
>In Flume's case we never talk, we just listen and pass on the data.
>Other than Http Ok, we send anything back.
>We don't provide "Identifier" to the client which c

Re: Flume HTTP source and CSRF vulnerability

2016-01-16 Thread Ashish
IMHO, No. XSRF can happen with session based things where two parties are talking. In Flume's case we never talk, we just listen and pass on the data. Other than Http Ok, we send anything back. We don't provide "Identifier" to the client which can be used by anyone else. You must have encountered

Re: Flume HTTP source and CSRF vulnerability

2016-01-09 Thread Gonzalo Herreros
Hi Roshan, I haven't seen, nor am I aware of, any protection like that, but I don't think it is required either. Flume HTTP source doesn't enable CORS nor host any HTML, so that kind of attack is prevented by the browser. In general, I think it is strange having a browser connected to Flume other than for

Flume HTTP source and CSRF vulnerability

2016-01-08 Thread Roshan Naik
My understanding is that Flume HTTP source does not have any protection against Cross-Site Request Forgery (CSRF) attacks. Wanted to double check with others if that is correct? -roshan