Vipin Rathor created KNOX-1434:
----------------------------------
Summary: Visiting Knox Admin UI forces subsequent requests to
other services redirect to HTTPS
Key: KNOX-1434
URL: https://issues.apache.org/jira/browse/KNOX-1434
Project: Apache Knox
Issue Type: Bug
Components: AdminUI
Affects Versions: 1.0.0
Environment: HDP 3.0
Knox 1.0.0
Reporter: Vipin Rathor
*Problem Description:*
Visiting Knox Admin UI in any browser (Firefox / Chrome) sets the HTTP Strict
Transport Security (HSTS) header for the host where Knox is running. Any
subsequent request to other services on the same host (e.g. Grafana, Ranger,
etc.) over HTTP would get redirected to HTTPS due to this header.
Please note that this HSTS header is disabled in all Knox topologies by
default.
Ref:
[https://knox.apache.org/books/knox-1-1-0/user-guide.html#HTTP+Strict+Transport+Security]
*Impact:*
All the non-SSL requests to other services get redirected automatically to
HTTPS and would result in SSL errors like: SSL_ERROR_RX_RECORD_TOO_LONG or some
other error.
*Expected Behavior:*
Unless HSTS is specifically enabled for Knox Admin UI, it should not set the HSTS
header.
*Steps to reproduce:*
# Configure Knox with default topology as one normally would.
# Once Knox is up, visit Knox Admin UI
# Now, in the same browser session, visit any non-SSL service running on the
same Knox host (like Ranger UI on 6080).
# Browser will redirect this HTTP request to HTTPS.
# If one can carefully clear the HSTS header in browser, then redirection will
stop until the next time one visits Knox Admin UI again.
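Why one header affects every port on the host, as an added example (not part of the original report and not Knox code): a minimal JavaScript model of the browser-side HSTS store from RFC 6797, which keys the policy by host name only and preserves an explicit non-80 port when upgrading, so the browser ends up speaking TLS to a plaintext port such as 6080. The host name `knox.example.test`, port 8443 and all function names are assumptions made for the illustration.

```javascript
// Minimal model of a browser's HSTS store (RFC 6797), added for illustration.
// Host names and ports used with it are constructed sample values.
const hstsStore = new Map(); // host name -> { expires, includeSubDomains }

// Parse a Strict-Transport-Security header value into its directives.
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(';')) {
    const [name, raw = ''] = part.trim().split('=');
    const key = name.trim().toLowerCase();
    if (key === 'max-age') {
      const n = raw.trim().replace(/^"|"$/g, '');
      if (/^\d+$/.test(n)) out.maxAge = Number(n);
    } else if (key === 'includesubdomains') {
      out.includeSubDomains = true;
    }
  }
  return out;
}

// Record the policy carried by a response. The key is the host, never host:port.
function noteResponse(url, headers, now) {
  const u = new URL(url);
  const value = headers['strict-transport-security'];
  if (u.protocol !== 'https:' || !value) return; // header is ignored over HTTP
  const p = parseHsts(value);
  if (p.maxAge === null) return;                 // max-age is mandatory
  if (p.maxAge === 0) { hstsStore.delete(u.hostname); return; }
  hstsStore.set(u.hostname, {
    expires: now + p.maxAge * 1000,
    includeSubDomains: p.includeSubDomains,
  });
}

// A host matches its own entry, or a parent entry that set includeSubDomains.
function isKnownHstsHost(host, now) {
  const labels = host.split('.');
  for (let i = 0; i < labels.length; i++) {
    const e = hstsStore.get(labels.slice(i).join('.'));
    if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
  }
  return false;
}

// Rewrite an outgoing URL the way the browser does before sending the request.
function effectiveUrl(url, now) {
  const u = new URL(url);
  if (u.protocol !== 'http:' || !isKnownHstsHost(u.hostname, now)) return u.href;
  u.protocol = 'https:'; // an explicit non-80 port (e.g. 6080) is preserved
  return u.href;
}
```

To confirm which service is setting the policy on a real host, inspect its HTTPS responses for a `Strict-Transport-Security` header; a response carrying `max-age=0` removes the stored entry.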