[
https://issues.apache.org/jira/browse/HDFS-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122148#comment-15122148
]
Anu Engineer commented on HDFS-9711:
------------------------------------
+1, ( Non-binding) Thanks for contributing this patch [~cnauroth].
Some nitpicks ( Feel free to ignore them, just wanted to flag it for your
attention.)
# In {{NamenodeHTTPServer.Java#initWebHdfs} you might want to log the fact the
CSRF protection is enabled on the Namenode side.
# In WebHDFS.md, would you please add an example with how the curl commands can
be send when custom header is X-XSRF-HEADER.
> Integrate CSRF prevention filter in WebHDFS.
> --------------------------------------------
>
> Key: HDFS-9711
> URL: https://issues.apache.org/jira/browse/HDFS-9711
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: datanode, namenode, webhdfs
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HDFS-9711.001.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard
> against cross-site request forgery attacks. This issue tracks integration of
> that filter in WebHDFS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
