[
https://issues.apache.org/jira/browse/HDFS-17591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17868869#comment-17868869
]
ASF GitHub Bot commented on HDFS-17591:
---------------------------------------
ayushtkn commented on code in PR #6963:
URL: https://github.com/apache/hadoop/pull/6963#discussion_r1692608437
##########
hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterHttpServerXFrame.java:
##########
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+package org.apache.hadoop.hdfs.server.federation.router;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URL;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.http.HttpServer2;
+
+/**
+ * A class to test the XFrame options of Router HTTP Server.
+ */
+public class TestRouterHttpServerXFrame {
+
+ @Test
+ public void testRouterXFrame() throws IOException {
+ Configuration conf = new HdfsConfiguration();
+ conf.setBoolean(DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED, true);
+ conf.set(DFSConfigKeys.DFS_XFRAME_OPTION_VALUE, "SAMEORIGIN");
Review Comment:
Can we use ``HttpServer2.XFrameOption.SAMEORIGIN.toString()`` rather than
hardcoding the value?
##########
hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterHttpServerXFrame.java:
##########
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+package org.apache.hadoop.hdfs.server.federation.router;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URL;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.http.HttpServer2;
+
+/**
+ * A class to test the XFrame options of Router HTTP Server.
+ */
+public class TestRouterHttpServerXFrame {
+
+ @Test
+ public void testRouterXFrame() throws IOException {
+ Configuration conf = new HdfsConfiguration();
+ conf.setBoolean(DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED, true);
+ conf.set(DFSConfigKeys.DFS_XFRAME_OPTION_VALUE, "SAMEORIGIN");
+
+ Router router = new Router();
+ router.init(conf);
+ router.start();
+
+ InetSocketAddress httpAddress = router.getHttpServerAddress();
+ URL url =
+ URI.create("http://"; + httpAddress.getHostName() + ":" +
httpAddress.getPort()).toURL();
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.connect();
+
+ String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS");
+ Assert.assertNotNull("X-FRAME-OPTIONS is absent in the header", xfoHeader);
+
Assert.assertTrue(xfoHeader.endsWith(HttpServer2.XFrameOption.SAMEORIGIN.toString()));
+
+ router.stop();
+ router.close();
Review Comment:
can we have this in ``finally`` block or part of After block?, else if the
test fails after router start, it won't stop/close the router
> RBF: Router should follow X-FRAME-OPTIONS protection setting
> ------------------------------------------------------------
>
> Key: HDFS-17591
> URL: https://issues.apache.org/jira/browse/HDFS-17591
> Project: Hadoop HDFS
> Issue Type: Task
> Reporter: Takanobu Asanuma
> Assignee: Takanobu Asanuma
> Priority: Major
> Labels: pull-request-available
>
> Router UI doesn't have X-FRAME-OPTIONS in its header. Router should load the
> value of dfs.xframe.value.
> This issue is reported by Daiki Mashima.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
