[
https://issues.apache.org/jira/browse/HADOOP-13008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15444063#comment-15444063
]
Chris Nauroth commented on HADOOP-13008:
----------------------------------------
Hello [~lmccay]. I see this in branch-2.8 as commit
e9ee258d04705f71c62c4d585686ad0eec47d8f4.
{code}
commit e9ee258d04705f71c62c4d585686ad0eec47d8f4
Author: Chris Nauroth <[email protected]>
Date: Wed May 11 10:58:32 2016 -0700
HADOOP-13008. Add XFS Filter for UIs to Hadoop Common. Contributed by Larry
McCay.
(cherry picked from commit dee279b532e7286362518b531c9daea9ae8606f4)
(cherry picked from commit 31279ae45eeb74d0955014ceffacb5c40d2f3ee5)
{code}
> Add XFS Filter for UIs to Hadoop Common
> ---------------------------------------
>
> Key: HADOOP-13008
> URL: https://issues.apache.org/jira/browse/HADOOP-13008
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 2.8.0
>
> Attachments: HADOOP-13008-001.patch, HADOOP-13008-002.patch,
> HADOOP-13008-003.patch, HADOOP-13008-004.patch
>
>
> Cross Frame Scripting (XFS) prevention for UIs can be provided through a
> common servlet filter. This filter will set the X-Frame-Options HTTP header
> to DENY unless configured to another valid setting.
> There are a number of UIs that could just add this to their filters as well
> as the Yarn webapp proxy which could add it for all it's proxied UIs - if
> appropriate.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
