Parth Brahmbhatt created STORM-749:
--------------------------------------
Summary: Remove CSRF check from rest API
Key: STORM-749
URL: https://issues.apache.org/jira/browse/STORM-749
Project: Apache Storm
Issue Type: Task
Affects Versions: 0.9.3
Reporter: Parth Brahmbhatt
Assignee: Parth Brahmbhatt
Fix For: 0.10.0
I think we can safely get rid of the whole CSRF code. CSRF vulnerability is
only exposed when websites use session-based authentication. In our case we
only use HTTP authentication, so we are not really vulnerable to CSRF attacks.
Currently the CSRF check only hinders non-browser clients.