[jira] [Commented] (HDFS-12158) Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection

Hudson (JIRA) Wed, 19 Jul 2017 11:02:38 -0700

    [ 
https://issues.apache.org/jira/browse/HDFS-12158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16093528#comment-16093528
 ]


Hudson commented on HDFS-12158:
-------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12033 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/12033/])
HDFS-12158. Secondary Namenode's web interface lack configs for (aengineer: rev 
413b23eb04eee24275257ab462133e0818f87449)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java


> Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-12158
>                 URL: https://issues.apache.org/jira/browse/HDFS-12158
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>            Reporter: Mukul Kumar Singh
>            Assignee: Mukul Kumar Singh
>         Attachments: HDFS-12158.001.patch
>
>
> HDFS-10579 adds  X-FRAME-OPTIONS  protection to Namenode and Datanode.
> This is also needed for Secondary Namenode as well.
> *Seondary Namenode misses X-FRAME-OPTIONS protection*
> {code}
> [root@f0e12b63907e opt]# curl -I http://127.0.0.1:50090/index.html
> HTTP/1.1 200 OK
> Cache-Control: no-cache
> Expires: Tue, 18 Jul 2017 20:13:53 GMT
> Date: Tue, 18 Jul 2017 20:13:53 GMT
> Pragma: no-cache
> Expires: Tue, 18 Jul 2017 20:13:53 GMT
> Date: Tue, 18 Jul 2017 20:13:53 GMT
> Pragma: no-cache
> Content-Type: text/html; charset=utf-8
> Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
> Content-Length: 1083
> Accept-Ranges: bytes
> Server: Jetty(6.1.26)
> {code}
> *Primary Namenode offers X-FRAME-OPTIONS protection*
> {code}
> [root@f0e12b63907e opt]# curl -I http://127.0.0.1:50070/index.html
> HTTP/1.1 200 OK
> Cache-Control: no-cache
> Expires: Tue, 18 Jul 2017 20:14:04 GMT
> Date: Tue, 18 Jul 2017 20:14:04 GMT
> Pragma: no-cache
> Expires: Tue, 18 Jul 2017 20:14:04 GMT
> Date: Tue, 18 Jul 2017 20:14:04 GMT
> Pragma: no-cache
> Content-Type: text/html; charset=utf-8
> X-FRAME-OPTIONS: SAMEORIGIN
> Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
> Content-Length: 1079
> Accept-Ranges: bytes
> Server: Jetty(6.1.26)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HDFS-12158) Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection

Reply via email to