[jira] [Comment Edited] (NIFI-6019) Remove Trusted Hostname property from InvokeHTTP processor

Fri, 19 Apr 2019 12:11:24 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-6019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822138#comment-16822138
 ] 

Troy Melhase edited comment on NIFI-6019 at 4/19/19 7:10 PM:
-------------------------------------------------------------

Removing the property breaks existing processors.  Left a comment in the PR:

https://github.com/apache/nifi/pull/3436

Not sure the best approach to resolve the header issue.  Perhaps:

- when using dynamic properties to set headers, skip any in a static exclusion 
list (containing "Trusted Name")
- when setting headers, escape the header name to avoid the exception
- clean/remove/migrate any existing instances of the property



was (Author: tmelhase):
Removing the property breaks existing processors.  Left a comment in the PR:

https://github.com/apache/nifi/pull/3441

Not sure the best approach to resolve the header issue.  Perhaps:

- when using dynamic properties to set headers, skip any in a static exclusion 
list (containing "Trusted Name")
- when setting headers, escape the header name to avoid the exception
- clean/remove/migrate any existing instances of the property


> Remove Trusted Hostname property from InvokeHTTP processor
> ----------------------------------------------------------
>
>                 Key: NIFI-6019
>                 URL: https://issues.apache.org/jira/browse/NIFI-6019
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: 1.8.0
>            Reporter: Andy LoPresto
>            Assignee: Troy Melhase
>            Priority: Major
>              Labels: InvokeHTTP, certificate, hostname, http, security, tls
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The {{Trusted Hostname}} property in the {{InvokeHTTP}} processor is a legacy 
> property created for a specific use in constrained environments. It now 
> causes more problems than it solves ([mailing list 
> questions|https://lists.apache.org/[email protected]:gte=1d:trusted%20hostname])
>  and should not be provided as it is a security risk. Removing this property 
> and encouraging users to correctly deploy TLS certificates when necessary is 
> the correct path forward. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to