[ https://issues.apache.org/jira/browse/HBASE-15328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15876213#comment-15876213 ]
Sean Busbey commented on HBASE-15328: ------------------------------------- thanks for the review [~esteban]! > Unvalidated Redirect in HMaster > ------------------------------- > > Key: HBASE-15328 > URL: https://issues.apache.org/jira/browse/HBASE-15328 > Project: HBase > Issue Type: Bug > Components: security > Reporter: stack > Assignee: Sean Busbey > Priority: Minor > Fix For: 2.0.0, 1.4.0, 1.3.1, 1.2.5, 1.1.10 > > Attachments: HBASE-15328.0.patch, HBASE-15328.1.patch > > > See OWASP page on why we should clean it up someday: > https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet > Here is where we do the redirect: > {code} > @Override > public void doGet(HttpServletRequest request, > HttpServletResponse response) throws ServletException, IOException { > String redirectUrl = request.getScheme() + "://" > + request.getServerName() + ":" + regionServerInfoPort > + request.getRequestURI(); > response.sendRedirect(redirectUrl); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346)