[
https://issues.apache.org/jira/browse/STORM-749?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14483404#comment-14483404
]
ASF GitHub Bot commented on STORM-749:
--------------------------------------
Github user d2r commented on the pull request:
https://github.com/apache/storm/pull/502#issuecomment-90618923
> I have a question. When we want to reflect PR into master and existing
branch, is it encouraged to make two PRs pointing for each branches, or just
one PR with cherry-pick?
I think we could cherry-pick, but either way you would have a new branch
before the code is merged in.
1) check out 0.10.x-branch
2) create new branch
3) cherry-pick change (test, etc...)
4) make pull request to apache 0.10.x-branch
I do not think we should cherry-pick commits directly to a branch without a
pull request, because it is a code change that should have a review.
@ptgoetz, any comment?
> Remove CSRF check from rest API
> -------------------------------
>
> Key: STORM-749
> URL: https://issues.apache.org/jira/browse/STORM-749
> Project: Apache Storm
> Issue Type: Task
> Affects Versions: 0.9.3
> Reporter: Parth Brahmbhatt
> Assignee: Parth Brahmbhatt
> Fix For: 0.10.0
>
>
> I think we can safely get rid of the whole CSRF code. CSRF vulnerability is
> only exposed when websites use session based authentication. In our case we
> only use http authentication so we are not really vulnerable to CSRF attacks.
> Currently the CSRF check only hinders non browser clients.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
