[
https://issues.apache.org/jira/browse/STORM-749?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14394537#comment-14394537
]
ASF GitHub Bot commented on STORM-749:
--------------------------------------
Github user d2r commented on the pull request:
https://github.com/apache/storm/pull/502#issuecomment-89313418
https://github.com/Parth-Brahmbhatt/incubator-storm/blob/b7ed77727a1d1e76fc775ac6776b6580e25a1afe/storm-core/src/ui/public/topology.html#L125-L128
Should remove this too, since the template is gone.
> Remove CSRF check from rest API
> -------------------------------
>
> Key: STORM-749
> URL: https://issues.apache.org/jira/browse/STORM-749
> Project: Apache Storm
> Issue Type: Task
> Affects Versions: 0.9.3
> Reporter: Parth Brahmbhatt
> Assignee: Parth Brahmbhatt
> Fix For: 0.10.0
>
>
> I think we can safely get rid of the whole CSRF code. CSRF vulnerability is
> only exposed when websites use session based authentication. In our case we
> only use http authentication so we are not really vulnerable to CSRF attacks.
> Currently the CSRF check only hinders non browser clients.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
