[
https://issues.apache.org/jira/browse/AMBARI-7344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149679#comment-14149679
]
Hudson commented on AMBARI-7344:
--------------------------------
SUCCESS: Integrated in Ambari-trunk-Commit #393 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/393/])
AMBARI-7344. CSRF Prevention is broken for the /proxy endpoint. (mpapirkovskyy)
(mpapyrkovskyy:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=94bda467597a55e75bda1e1469ec969dc7d5e5dc)
*
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
> CSRF Prevention is broken for the /proxy endpoint
> -------------------------------------------------
>
> Key: AMBARI-7344
> URL: https://issues.apache.org/jira/browse/AMBARI-7344
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 1.7.0
> Reporter: Yusaku Sako
> Assignee: Myroslav Papirkovskyy
> Priority: Critical
> Fix For: 1.7.0
>
>
> The CSRF prevention filter on the /proxy endpoint was effective for 1.6.1.
> In trunk, this is broken.
> https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java#L383
> The code is referring to an incorrect filter class.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
