Github user Leemoonsoo commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/233#issuecomment-133068255
@djoelz I agree on improving the security of Zeppelin.
However, many users use Zeppelin behind the firewall. For them, forcing
manual configuration of the origin is just one more barrier to getting Zeppelin up and
running.
Until now, Zeppelin has allowed all by default, and people have already
built their infrastructure and deployment scripts with Zeppelin based on this
behavior on Docker, cloud services, etc. If the default behavior changes, all
people need to change their stuff. That's what is currently happening.
I can see your point that it's worth bothering people to take care of security.
However, not causing trouble for the user experience is also important. I'd like to
see a smoother approach.
That's why I suggest "allow all by default" -> "improve autodetect" ->
"deprecate wildcard" -> "remove allow all".