[
https://issues.apache.org/jira/browse/NIFI-5545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Gough resolved NIFI-5545.
--------------------------------
Resolution: Invalid
Found that this filter interferes with cluster communications. It would require
enumeration with the set of cluster hostnames/origins to be viable. Adds extra
complexity to the code and may not provide enough benefit. Closing.
> Add an Origin/Referer header Jetty filter
> -----------------------------------------
>
> Key: NIFI-5545
> URL: https://issues.apache.org/jira/browse/NIFI-5545
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
> Reporter: Nathan Gough
> Assignee: Nathan Gough
> Priority: Minor
> Labels: filter, jetty
>
> Create a new Jetty filter that allows a NiFi administrator to enable
> Origin/Referer HTTP header filtering.
> * If the source origin header does not match the target origin, check the
> referer header.
> * If the referer header does not match the target origin, deny the request.
> * The filter should enabled or disabled using a property in the
> NiFiProperties configuration file.
> * The filter will only be required when NiFi is configured to use HTTPS.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
