[1/2] git commit: AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy)

Fri, 22 Nov 2013 11:40:24 -0800 

Updated Branches:
  refs/heads/branch-1.4.2 87adc8c2d -> 292b58e38


AMBARI-3825.  Enable CSRF protection by default. (mpapirkovskyy)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/729b9c8e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/729b9c8e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/729b9c8e

Branch: refs/heads/branch-1.4.2
Commit: 729b9c8efe3148718140e23970887e0fb59ba4d7
Parents: 87adc8c
Author: Myroslav Papirkovskyy <mpapyrkovs...@hortonworks.com>
Authored: Fri Nov 22 15:38:53 2013 +0200
Committer: Mahadev Konar <maha...@apache.org>
Committed: Fri Nov 22 10:32:03 2013 -0800

----------------------------------------------------------------------
 .../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/729b9c8e/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b92441b..dd6b66d 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -200,7 +200,7 @@ public class Configuration {
   public static final String CLIENT_API_SSL_KEY_NAME_DEFAULT = "https.key";
   public static final String CLIENT_API_SSL_CRT_NAME_DEFAULT = "https.crt";
 
-  private static final String API_CSRF_PREVENTION_DEFAULT = "false"; //TODO 
should be set to true for release
+  private static final String API_CSRF_PREVENTION_DEFAULT = "true";
 
   private static final String SRVR_CRT_PASS_FILE_DEFAULT ="pass.txt";
   private static final String SRVR_CRT_PASS_LEN_DEFAULT = "50";

Reply via email to