[
https://issues.apache.org/jira/browse/HBASE-15187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15160167#comment-15160167
]
stack commented on HBASE-15187:
-------------------------------
Thanks [~jerryhe] for keeping eye on Ted antics ("It takes a village...").
Why are we bringing in this filter [~ted_yu]? [~ashish singhi] just added a
whole frame work over in HBASE-15122 for taking care of this sort of intrusion.
Why does the REST gateway get the treatment and other servlets do not?
> Integrate CSRF prevention filter to REST gateway
> ------------------------------------------------
>
> Key: HBASE-15187
> URL: https://issues.apache.org/jira/browse/HBASE-15187
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Ted Yu
> Attachments: HBASE-15187.v1.patch, HBASE-15187.v2.patch,
> HBASE-15187.v3.patch, HBASE-15187.v4.patch, HBASE-15187.v5.patch,
> HBASE-15187.v6.patch, HBASE-15187.v7.patch, HBASE-15187.v8.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard
> against cross-site request forgery attacks.
> This issue tracks the integration of that filter into HBase REST gateway.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
