[jira] [Updated] (AMBARI-3758) Make Ambari Web changes for CSRF prevention

Wed, 13 Nov 2013 06:26:35 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-3758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Nechiporenko updated AMBARI-3758:
--------------------------------------

    Attachment: AMBARI-3758.patch

> Make Ambari Web changes for CSRF prevention
> -------------------------------------------
>
>                 Key: AMBARI-3758
>                 URL: https://issues.apache.org/jira/browse/AMBARI-3758
>             Project: Ambari
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.4.2
>            Reporter: Oleg Nechiporenko
>            Assignee: Oleg Nechiporenko
>             Fix For: 1.4.2
>
>         Attachments: AMBARI-3758.patch
>
>
> Basically, Ambari Web needs to pass the extra "X-Requested-By" HTTP header 
> for *ALL* POST, PUT, and DELETE calls.  No changes will be made to GET calls 
> (though it is OK to pass this extra HTTP header for GET calls if it's easier 
> to implement that way).



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to