ty considering the OSS nature of this project. Are you adding
> new endpoints to this webserver?
>
>
>
> More info about info/other methods :
> https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods
>
>
>
>
>
> *From:* Ankit Jain
> *Sen
+ d...@spark.apache.org
On Tue, Apr 30, 2019 at 4:23 PM Ankit Jain wrote:
> Aah - actually found https://issues.apache.org/jira/browse/SPARK-18664 -
> "Don't respond to HTTP OPTIONS in HTTP-based UIs"
>
> Does anyone know if this can be prioritized?
>
> Thanks
>
Aah - actually found https://issues.apache.org/jira/browse/SPARK-18664 -
"Don't respond to HTTP OPTIONS in HTTP-based UIs"
Does anyone know if this can be prioritized?
Thanks
Ankit
On Tue, Apr 30, 2019 at 1:31 PM Ankit Jain wrote:
> Hi Fellow Spark users,
> We are u
Hi Fellow Spark users,
We are using Spark 2.3.0 and security team is reporting a violation that
Spark allows HTTP OPTIONS method to work(This method exposes what all
methods are supported by the end point which could be exploited by a
hacker).
This method is on Jetty web server, I see Spark uses