K0K0V0K commented on PR #8206: URL: https://github.com/apache/hadoop/pull/8206#issuecomment-3788806501
Thanks @susheelgupta7 for this security upgrade. I think that if we hardcode these two HTTP methods, it will also affect non-Spark applications and could potentially break some custom YARN applications. For example, what if there is a specific YARN AM that has business logic tied to these trace calls? What do you think about creating a new configuration list of allowed HTTP methods instead of hardcoding these values? If the list is empty, everything would behave as it does currently; otherwise, the methods would be filtered against the list. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
