[jira] [Updated] (STORM-749) Remove CSRF check from rest API

Rick Kellogg (JIRA) Sun, 04 Oct 2015 18:18:06 -0700

     [ 
https://issues.apache.org/jira/browse/STORM-749?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick Kellogg updated STORM-749:
-------------------------------
    Component/s: storm-core

> Remove CSRF check from rest API
> -------------------------------
>
>                 Key: STORM-749
>                 URL: https://issues.apache.org/jira/browse/STORM-749
>             Project: Apache Storm
>          Issue Type: Task
>          Components: storm-core
>    Affects Versions: 0.9.3
>            Reporter: Parth Brahmbhatt
>            Assignee: Parth Brahmbhatt
>             Fix For: 0.10.0
>
>
> I think we can safely get rid of the whole CSRF code. CSRF vulnerability is 
> only exposed when websites use session based authentication. In our case we 
> only use http authentication so we are not really vulnerable to CSRF attacks. 
> Currently the CSRF check only hinders non browser clients.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (STORM-749) Remove CSRF check from rest API

Reply via email to