Vrushali C created YARN-7338:
--------------------------------

             Summary: Support same origin policy for cross site scripting 
prevention.
                 Key: YARN-7338
                 URL: https://issues.apache.org/jira/browse/YARN-7338
             Project: Hadoop YARN
          Issue Type: Sub-task
          Components: yarn-ui-v2
            Reporter: Vrushali C



Opening jira as suggested by [~eyang] on the thread for merging YARN-3368 (new 
web UI) to branch2  
http://mail-archives.apache.org/mod_mbox/hadoop-yarn-dev/201610.mbox/%3ccad++ecmvvqnzqz9ynkvkcxaczdkg50yiofxktgk3mmms9sh...@mail.gmail.com%3E

----------
Ui2 does not seem to support same origin policy for cross site scripting 
prevention.
The following parameters have no effect for /ui2:

hadoop.http.cross-origin.enabled = true
yarn.resourcemanager.webapp.cross-origin.enabled = true

This is because ui2 is designed as a separate web application.  WebFilters 
set up for the existing resource manager don’t apply to the new web application.
Please open JIRA to track the security issue and resolve the problem prior to 
backporting this to branch-2.
This would minimize the risk of opening up a security hole in branch-2.

----------



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
