Sean Roberts created AMBARI-23095:
-------------------------------------
Summary: knoxsso.redirect.whitelist.regex should not require a
port number
Key: AMBARI-23095
URL: https://issues.apache.org/jira/browse/AMBARI-23095
Project: Ambari
Issue Type: Bug
Components: stacks
Affects Versions: 2.5.0, trunk, 2.6.2
Reporter: Sean Roberts
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number
meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
{code}
Proposal is to make the port optional and validate that anything after the host
or port starts with /.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
