Susheel Gupta created YARN-11923:
------------------------------------
Summary: YARN web proxy AmIpFilter allows TRACE, bypassing sparkUI TRACE block
Key: YARN-11923
URL: https://issues.apache.org/jira/browse/YARN-11923
Project: Hadoop YARN
Issue Type: Bug
Components: yarn
Reporter: Susheel Gupta
Assignee: Susheel Gupta

In YARN mode, sparkUI responds to HTTP TRACE with a 302 redirect. The redirect
happens in AmIpFilter, so the TRACE request is processed before the Spark
Jetty handler can reject it. This causes security scanners to report TRACE
as enabled.

In local mode there is no YARN proxy filter, so requests go directly to the Spark
Jetty servlet. SPARK-5983 adds a TRACE filter, correctly returning 405.
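
The ordering problem in the report can be reproduced and checked locally. The following is an added example, not code from Hadoop, Spark or the reporter: redirect_filter and trace_block are constructed stand-ins for a redirect-everything proxy filter and a TRACE block, and probe_trace sends TRACE without following redirects so the 302 and 405 cases can be told apart.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed stand-ins for the two behaviours in the report (not Hadoop/Spark code).
def redirect_filter(method):
    return 302  # proxy-style filter: redirects every method, TRACE included

def trace_block(method):
    return 405 if method == "TRACE" else None  # None = pass to the next stage

def make_handler(chain):
    class Handler(BaseHTTPRequestHandler):
        def _run(self):
            # First stage that returns a status wins, as in a servlet filter chain.
            status = next((s for s in (f(self.command) for f in chain) if s), 200)
            self.send_response(status)
            if status == 302:
                self.send_header("Location", "/constructed-target")
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_GET = do_TRACE = _run
        def log_message(self, *args):
            pass  # keep the demo quiet
    return Handler

def probe_trace(host, port, path="/"):
    """Send TRACE without following redirects; return (status, verdict)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", path)
        status = conn.getresponse().status
    finally:
        conn.close()
    if status in (405, 501):
        return status, "rejected"
    return status, "redirected" if 300 <= status < 400 else "processed"

def run_case(chain):
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(chain))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_trace("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("redirect first:", run_case([redirect_filter, trace_block]))
    print("block first:   ", run_case([trace_block, redirect_filter]))
```

probe_trace can also be pointed at a deployment you operate to confirm whether TRACE is answered with 405 or with a redirect.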