[
https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184675#comment-16184675
]
Jonathan Eagles commented on HADOOP-14908:
------------------------------------------
The original cross origin filter in hadoop was designed based on the apache
license jetty cross origin filter (not available in the 6.x jetty line). This
was done so that when jetty 9 was adopted in trunk we had an option to stop
using the hadoop version and migrate to the jetty version very easily. Do we
want to follow the jetty 9 capabilities for this plugin?
https://www.eclipse.org/jetty/documentation/9.4.x/cross-origin-filter.html
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CrossOriginFilter.java
> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
> Key: HADOOP-14908
> URL: https://issues.apache.org/jira/browse/HADOOP-14908
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common, security
> Affects Versions: 3.0.0-beta1
> Reporter: Allen Wittenauer
> Assignee: Johannes Alberti
> Attachments: HADOOP-14908-PR279.patch
>
>
> Currently, CrossOriginFilter.java limits regex matching only if there is an
> asterisk (\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either
> be fully expanded or dramatically have their space increased by using an
> asterisk in order to pass through the filter.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
