[
https://issues.apache.org/jira/browse/FALCON-2082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385160#comment-15385160
]
Ying Zheng edited comment on FALCON-2082 at 7/20/16 1:23 AM:
-------------------------------------------------------------
Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty
header and CSRF filter enabled that GET methods get accepted while POST methods
are rejected as expected. See attached picture. If we use
RestCsrfPreventionFilter, it requires Falcon to upgrade Hadoop version to
2.8.0. Let me know if there is any objection on this. Thank you!
was (Author: yzheng-hortonworks):
Prototyped with RestCsrfPreventionFilter in Hadoop 2.8.0. Tested with empty
header and CSRF filter enabled that GET methods get accepted while POST methods
are rejected as expected. See attached picture. If we use
RestCsrfPreventionFilter, it requires us to upgrade Hadoop version to 2.8.0.
Let me know if there is any objection on this. Thank you!
> Add CSRF filter for REST APIs
> -----------------------------
>
> Key: FALCON-2082
> URL: https://issues.apache.org/jira/browse/FALCON-2082
> Project: Falcon
> Issue Type: Improvement
> Reporter: Ying Zheng
> Assignee: Ying Zheng
> Attachments: Screen Shot 2016-07-19 at 4.54.29 PM.png
>
>
> A CSRF filter was added to Hadoop common
> (https://issues.apache.org/jira/browse/HADOOP-12691). This JIRA is to
> integrate this filter into Falcon REST API post methods.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
