Oleg Nechiporenko created AMBARI-3758:
-----------------------------------------
Summary: Make Ambari Web changes for CSRF prevention
Key: AMBARI-3758
URL: https://issues.apache.org/jira/browse/AMBARI-3758
Project: Ambari
Issue Type: Bug
Components: client
Affects Versions: 1.4.2
Reporter: Oleg Nechiporenko
Assignee: Oleg Nechiporenko
Fix For: 1.4.2
Basically, Ambari Web needs to pass the extra "X-Requested-By" HTTP header for
*ALL* POST, PUT, and DELETE calls. No changes will be made to GET calls
(though it is OK to pass this extra HTTP header for GET calls if it's easier to
implement that way).
--
This message was sent by Atlassian JIRA
(v6.1#6144)
