[jira] [Resolved] (AMBARI-7344) CSRF Prevention is broken for the /proxy endpoint

Myroslav Papirkovskyy (JIRA) Fri, 26 Sep 2014 09:51:06 -0700

     [ 
https://issues.apache.org/jira/browse/AMBARI-7344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Myroslav Papirkovskyy resolved AMBARI-7344.
-------------------------------------------
    Resolution: Fixed

Pushed to trunk

> CSRF Prevention is broken for the /proxy endpoint
> -------------------------------------------------
>
>                 Key: AMBARI-7344
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7344
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 1.7.0
>            Reporter: Yusaku Sako
>            Assignee: Myroslav Papirkovskyy
>            Priority: Critical
>             Fix For: 1.7.0
>
>
> The CSRF prevention filter on the /proxy endpoint was effective for 1.6.1.
> In trunk, this is broken.
> https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java#L383
> The code is referring to an incorrect filter class.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (AMBARI-7344) CSRF Prevention is broken for the /proxy endpoint

Reply via email to