[
https://issues.apache.org/jira/browse/HDFS-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-9711:
--------------------------------
Attachment: HDFS-9711.002.patch
[~anu], thank you for the code review. I am attaching patch v002 with the
following changes:
# Correct the deprecation warning flagged by pre-commit.
# Add a {{curl}} example to the docs, showing usage of the {{-H}} option to
pass the header.
bq. In {{NamenodeHTTPServer.Java#initWebHdfs}} you might want to log the fact
the CSRF protection is enabled on the Namenode side.
I have been relying on the initialization log message from within
{{RestCsrfPreventionFilter}}, which would cover any daemon that integrates with
the filter. This is what the message looks like:
{code}
16/01/28 12:18:27 INFO http.RestCsrfPreventionFilter: Adding cross-site request forgery (CSRF) protection, headerName = X-XSRF-HEADER, methodsToIgnore = [GET, OPTIONS, HEAD, TRACE]
{code}
Is that sufficient, or did you have something else in mind?
> Integrate CSRF prevention filter in WebHDFS.
> --------------------------------------------
>
> Key: HDFS-9711
> URL: https://issues.apache.org/jira/browse/HDFS-9711
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: datanode, namenode, webhdfs
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HDFS-9711.001.patch, HDFS-9711.002.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard
> against cross-site request forgery attacks. This issue tracks integration of
> that filter in WebHDFS.
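One way to use that initialization message when auditing daemon logs, as an added example that is not part of the original message or of Hadoop's own code: it parses the log line quoted above, reports any state-changing methods exempted by `methodsToIgnore`, and evaluates requests against a simplified model of the check. The function names and the `STATE_CHANGING` set are assumptions made for this illustration.

```python
import re

# The log line quoted in the comment above, re-joined onto a single line.
SAMPLE_LOG = (
    "16/01/28 12:18:27 INFO http.RestCsrfPreventionFilter: Adding cross-site "
    "request forgery (CSRF) protection, headerName = X-XSRF-HEADER, "
    "methodsToIgnore = [GET, OPTIONS, HEAD, TRACE]"
)

INIT_RE = re.compile(
    r"RestCsrfPreventionFilter: Adding cross-site request forgery \(CSRF\) "
    r"protection, headerName = (?P<header>[^,\s]+), "
    r"methodsToIgnore = \[(?P<methods>[^\]]*)\]"
)

# Assumption for this example: methods treated as state-changing in a REST API.
# Exempting any of them would leave those requests without the header check.
STATE_CHANGING = {"PUT", "POST", "DELETE", "PATCH"}


def parse_init_line(line):
    """Return (header_name, methods_to_ignore), or None if not an init line."""
    m = INIT_RE.search(line)
    if m is None:
        return None
    methods = {x.strip().upper() for x in m.group("methods").split(",") if x.strip()}
    return m.group("header"), methods


def risky_exemptions(methods_to_ignore):
    """State-changing methods that the logged configuration exempts."""
    return sorted(methods_to_ignore & STATE_CHANGING)


def is_allowed(method, headers, header_name, methods_to_ignore):
    """Simplified model: exempt methods pass, all others need the header."""
    if method.upper() in methods_to_ignore:
        return True
    # HTTP header names are case-insensitive; only presence is checked here.
    return header_name.lower() in {k.lower() for k in headers}


if __name__ == "__main__":
    header, ignored = parse_init_line(SAMPLE_LOG)
    print("header:", header, "ignored:", sorted(ignored))
    print("risky exemptions:", risky_exemptions(ignored))
    print("DELETE without header allowed:", is_allowed("DELETE", {}, header, ignored))
```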