[
https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HADOOP-14908:
--------------------------------------
Description:
Currently, CrossOriginFilter.java limits regex matching only if there is an
asterisk (\*) in the config.
{code}
if (allowedOrigin.contains("*")) {
{code}
This means that entries such as:
{code}
http?://foo.example.com
https://[a-z][0-9].example.com
{code}
... and other patterns that succinctly limit the input space need to either be
fully expanded or dramatically have their space increased by using an asterisk
in order to pass through the filter.
was:
Currently, CrossOriginFilter.java limits regex matching only if there is an
asterisk (*) in the config.
{code}
if (allowedOrigin.contains("*")) {
{code}
This means that entries such as:
{code}
http?://foo.example.com
https://[a-z][0-9].example.com
{code}
... and other patterns that succinctly limit the input space need to either be
fully expanded or dramatically have their space increased by using an asterisk
in order to pass through the filter.
> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
> Key: HADOOP-14908
> URL: https://issues.apache.org/jira/browse/HADOOP-14908
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common, security
> Affects Versions: 3.0.0-beta1
> Reporter: Allen Wittenauer
>
> Currently, CrossOriginFilter.java limits regex matching only if there is an
> asterisk (\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either
> be fully expanded or dramatically have their space increased by using an
> asterisk in order to pass through the filter.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
