Repository: hadoop
Updated Branches:
  refs/heads/YARN-3368_branch2 3a5f1a6c2 -> bc2326f5f


YARN-7338. Support same origin policy for cross site scripting prevention. 
(Sunil G via wangda)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/017ac560
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/017ac560
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/017ac560

Branch: refs/heads/YARN-3368_branch2
Commit: 017ac560f0261e19925ee24999f7828c433dda11
Parents: 3a5f1a6
Author: Wangda Tan <wan...@apache.org>
Authored: Thu Oct 19 14:44:42 2017 -0700
Committer: vrushali <vrush...@apache.org>
Committed: Thu Oct 19 21:48:11 2017 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/yarn/webapp/WebApps.java  | 24 +++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/017ac560/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
index 0dc6354..3782c05 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
@@ -401,7 +401,8 @@ public class WebApps {
       WebApp webApp = build(webapp);
       HttpServer2 httpServer = webApp.httpServer();
       if (ui2Context != null) {
-        httpServer.addContext(ui2Context, true);
+        addFiltersForNewContext(ui2Context);
+        httpServer.addHandlerAtFront(ui2Context);
       }
       try {
         httpServer.start();
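Review bot: Registering `ui2Context` with `httpServer.addHandlerAtFront(ui2Context)` instead of `addContext(ui2Context, true)` appears to take the UI2 context out of the server's filtered contexts, so filters that HttpServer2 applies to those contexts (for example an authentication filter installed by a filter initializer) may no longer cover it; this is inferred from the removed `true` argument, since HttpServer2 itself is not shown here. The only filters the new code defines on this context are the CSRF and X-Frame-Options ones, and the added log line only asks the operator to make sure authentication is enabled rather than checking it. Please confirm that the UI2 paths are still authenticated after this change, and add a comment above the call such as `// ui2Context is not registered through addContext(), so its filters must be defined explicitly here`. The enclosing method starts and ends outside the hunk.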
@@ -413,6 +414,27 @@ public class WebApps {
       return webApp;
     }
 
+    private void addFiltersForNewContext(WebAppContext ui2Context) {
+      Map<String, String> params = getConfigParameters(csrfConfigPrefix);
+
+      if (hasCSRFEnabled(params)) {
+        LOG.info("CSRF Protection has been enabled for the {} application. "
+            + "Please ensure that there is an authentication mechanism "
+            + "enabled (kerberos, custom, etc).", name);
+        String restCsrfClassName = RestCsrfPreventionFilter.class.getName();
+        HttpServer2.defineFilter(ui2Context, restCsrfClassName,
+            restCsrfClassName, params, new String[]{"/*"});
+      }
+
+      params = getConfigParameters(xfsConfigPrefix);
+
+      if (hasXFSEnabled()) {
+        String xfsClassName = XFrameOptionsFilter.class.getName();
+        HttpServer2.defineFilter(ui2Context, xfsClassName, xfsClassName, params,
+            new String[]{"/*"});
+      }
+    }
+
     private String inferHostClass() {
       String thisClass = this.getClass().getName();
       Throwable t = new Throwable();
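Review bot: `addFiltersForNewContext` reuses the `params` local for two unrelated configurations and reads the X-Frame-Options settings at `params = getConfigParameters(xfsConfigPrefix);` even when `hasXFSEnabled()` is false; a separate local declared inside the `if`, `Map<String, String> xfsParams = getConfigParameters(xfsConfigPrefix);`, keeps the CSRF and XFS settings from being mixed up in later edits. The method also has no Javadoc; something like `/** Defines the CSRF-prevention and X-Frame-Options filters, when enabled, on every path ("/*") of the given UI2 context. */` would state which protections this context gets. These two filters address request forgery and framing, not script injection, so the commit title's "cross site scripting" wording should not be read as XSS filtering being added here. `inferHostClass` at the end of the hunk is unchanged context and continues outside it.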

