Oleksandr Diachenko created KAFKA-7715:
------------------------------------------

             Summary: Connect should have a parameter to disable WADL output for OPTIONS method
                 Key: KAFKA-7715
                 URL: https://issues.apache.org/jira/browse/KAFKA-7715
             Project: Kafka
          Issue Type: Improvement
          Components: config, security
    Affects Versions: 2.1.0
            Reporter: Oleksandr Diachenko
             Fix For: 2.1.1


Currently, the Connect REST API exposes WADL output on the OPTIONS method:
{code:bash}
curl -i -X OPTIONS http://localhost:8083/connectors
HTTP/1.1 200 OK
Date: Fri, 07 Dec 2018 22:51:53 GMT
Content-Type: application/vnd.sun.wadl+xml
Allow: HEAD,POST,GET,OPTIONS
Last-Modified: Fri, 07 Dec 2018 14:51:53 PST
Content-Length: 1331
Server: Jetty(9.4.12.v20180830)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
<doc xmlns:jersey="http://jersey.java.net/" jersey:generatedBy="Jersey: 2.27 2018-04-10 07:34:57"/>
<grammars>
<include href="http://localhost:8083/application.wadl/xsd0.xsd">
<doc title="Generated" xml:lang="en"/>
</include>
</grammars>
<resources base="http://localhost:8083/">
<resource path="connectors">
<method id="createConnector" name="POST">
<request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
<representation mediaType="application/json"/>
</request>
<response>
<representation mediaType="application/json"/>
</response>
</method>
<method id="listConnectors" name="GET">
<request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
</request>
<response>
<representation mediaType="application/json"/>
</response>
</method>
</resource>
</resources>
</application>
{code}

This can be a potential vulnerability, so it makes sense to have a configuration parameter that disables WADL output.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
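
An added example, not part of the original issue or of Kafka's code: a check that takes an OPTIONS response like the one quoted in the report and lists what its WADL body discloses, so an operator can confirm whether WADL output is still exposed. The function names are hypothetical and the sample is a trimmed, constructed copy of the response shown above.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://wadl.dev.java.net/2009/02"}
WADL_MEDIA_TYPE = "application/vnd.sun.wadl+xml"

# Constructed sample: trimmed copy of the OPTIONS response body in the report.
SAMPLE_HEADERS = {"Content-Type": WADL_MEDIA_TYPE, "Allow": "HEAD,POST,GET,OPTIONS"}
SAMPLE_BODY = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
<resources base="http://localhost:8083/">
<resource path="connectors">
<method id="createConnector" name="POST"><request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
</request></method>
<method id="listConnectors" name="GET"><request>
<param xmlns:xs="http://www.w3.org/2001/XMLSchema" name="forward" style="query" type="xs:boolean"/>
</request></method>
</resource>
</resources>
</application>"""


def _walk(resource, prefix, ops):
    """Collect (verb, path, method id, params) from a resource and its children."""
    path = prefix.rstrip("/") + "/" + resource.get("path", "").lstrip("/")
    for method in resource.findall("w:method", NS):
        params = [p.get("name") for p in method.iterfind(".//w:param", NS)]
        ops.append((method.get("name"), path, method.get("id"), params))
    for child in resource.findall("w:resource", NS):
        _walk(child, path, ops)


def audit_options_response(status, headers, body):
    """Report whether an OPTIONS response carries WADL and what it discloses."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    exposed = status == 200 and WADL_MEDIA_TYPE in ctype.lower()
    ops = []
    # Skip parsing bodies with a DOCTYPE: the audit tool should not expand entities.
    if exposed and b"<!DOCTYPE" not in body:
        try:
            root = ET.fromstring(body)
            for resource in root.findall("w:resources/w:resource", NS):
                _walk(resource, "", ops)
        except ET.ParseError:
            pass  # advertised as WADL but malformed; still counts as exposed
    return {"wadl_exposed": exposed, "operations": ops}


if __name__ == "__main__":
    print(audit_options_response(200, SAMPLE_HEADERS, SAMPLE_BODY))
```

Once WADL output is disabled, the same check against the worker's OPTIONS response should return `wadl_exposed` as false with an empty `operations` list.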
