Larry McCay created HADOOP-12691:
------------------------------------
Summary: Add CSRF Filter to Hadoop Common
Key: HADOOP-12691
URL: https://issues.apache.org/jira/browse/HADOOP-12691
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 3.0.0

CSRF prevention for REST APIs can be provided through a common servlet filter.
This filter would check for the existence of an expected (configurable) HTTP
header, such as X-Requested-By.

The fact that CSRF attacks are entirely browser-based means that the above
approach can ensure that requests are coming either from applications served
by the same origin as the REST API, or from another origin where explicit
policy configuration allows the setting of a header on XMLHttpRequest.
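
A servlet filter implementing the header check described in the issue, as an added example that is not part of the original message and is not Hadoop's own code. The class name, the init-parameter names and the exempt-method list are assumptions, and it is written against the `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Illustrative only: class and init-parameter names are hypothetical. */
public class CustomHeaderCsrfFilter implements Filter {
  static final String HEADER_PARAM = "header-name";     // assumed parameter name
  static final String EXEMPT_PARAM = "exempt-methods";  // assumed parameter name

  private String headerName = "X-Requested-By";
  // Assumption: these methods have no side effects in the protected API.
  // If a GET handler changes state, remove it from this set.
  private Set<String> exemptMethods =
      new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS"));

  @Override
  public void init(FilterConfig cfg) throws ServletException {
    String h = cfg.getInitParameter(HEADER_PARAM);
    if (h != null && !h.trim().isEmpty()) {
      headerName = h.trim();
    }
    String m = cfg.getInitParameter(EXEMPT_PARAM);
    if (m != null) {
      exemptMethods = new HashSet<>(
          Arrays.asList(m.trim().toUpperCase(Locale.ROOT).split("\\s*,\\s*")));
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest http = (HttpServletRequest) req;
    // Only presence is checked, not the value: a cross-origin form, image or
    // script request cannot attach a custom header, and cross-origin
    // XMLHttpRequest can do so only if CORS policy explicitly allows it.
    if (exemptMethods.contains(http.getMethod()) || http.getHeader(headerName) != null) {
      chain.doFilter(req, res);
    } else {
      ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST,
          "Missing required header for CSRF protection: " + headerName);
    }
  }

  @Override
  public void destroy() { }
}
```

A permissive CORS configuration on the same endpoints (for example, allowing this header from arbitrary origins) removes the protection, so the filter and the CORS policy should be reviewed together.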