Gabriella Lotz has posted comments on this change. ( http://gerrit.cloudera.org:8080/23657 )
Change subject: [webserver] Restrict UI pages to GET/HEAD methods only
......................................................................

Patch Set 2:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/23657/1/src/kudu/server/webserver.cc
File src/kudu/server/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/23657/1/src/kudu/server/webserver.cc@746
PS1, Line 746: r.style_mode() == StyleMode::STYL
> How does style mode set to 'STYLED' enforce that page is for display purpos

This logic is based on the documented semantics in web_callback_registry.h:

  // If style_mode is StyleMode::STYLED, the page is meant to be for
  // people to look at and is styled. If false, it is meant to be for machines to
  // scrape.

Since STYLED pages are for human viewing, they're semantically read-only. So this enforcement rejects PUT/DELETE/POST with HTTP 405 Method Not Allowed.

http://gerrit.cloudera.org:8080/#/c/23657/1/src/kudu/server/webserver.cc@749
PS1, Line 749: esp->response_headers["Allow"] = "GET, POST, HEAD, PUT, DE
> Just to clarify: OPTIONS method will be still allowed, but it's handled at

Yes, you're correct, and this has been addressed.

--
To view, visit http://gerrit.cloudera.org:8080/23657
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie232bd50785bb750ecaa0a7e19403e573ac193eb
Gerrit-Change-Number: 23657
Gerrit-PatchSet: 2
Gerrit-Owner: Gabriella Lotz <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Ashwani Raina <[email protected]>
Gerrit-Reviewer: Gabriella Lotz <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Mon, 24 Nov 2025 14:58:31 +0000
Gerrit-HasComments: Yes
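
The method gate discussed in the message above, as an added example that is not code from this change or from Kudu. `Response`, `kPages`, `MethodAllowed`, `Dispatch`, the sample paths and the `Allow` value are hypothetical; only `StyleMode::STYLED` and the 405 behaviour come from the thread.

```cpp
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>

// Added illustration; hypothetical stand-ins, not Kudu's webserver code.
enum class StyleMode { STYLED, UNSTYLED };

struct Response {
  int status = 200;
  std::map<std::string, std::string> headers;
};

// Constructed sample registry: path -> style mode the page was registered with.
const std::map<std::string, StyleMode> kPages = {
    {"/sample-ui", StyleMode::STYLED},      // for people, styled
    {"/sample-data", StyleMode::UNSTYLED},  // for machines to scrape
};

// True if `method` may reach a page registered with `mode`.
bool MethodAllowed(StyleMode mode, const std::string& method) {
  if (mode != StyleMode::STYLED) return true;  // gate covers UI pages only
  // HTTP method tokens are case-sensitive, so compare exactly.
  // OPTIONS passes this gate (the thread says it stays allowed); where it
  // is actually handled is outside this sketch.
  return method == "GET" || method == "HEAD" || method == "OPTIONS";
}

// Runs the gate before any handler; a 200 here stands for "handler invoked".
Response Dispatch(const std::string& path, const std::string& method) {
  Response resp;
  auto it = kPages.find(path);
  if (it == kPages.end()) {
    resp.status = 404;
    return resp;
  }
  if (!MethodAllowed(it->second, method)) {
    resp.status = 405;
    // Assumption: advertise exactly what the gate accepts for this page.
    resp.headers["Allow"] = "GET, HEAD, OPTIONS";
  }
  return resp;
}

int main() {
  for (const char* m : {"GET", "HEAD", "POST", "PUT", "DELETE", "get"}) {
    std::cout << m << " /sample-ui -> " << Dispatch("/sample-ui", m).status << "\n";
  }
  return 0;
}
```

Because the gate runs before the handler lookup result is used, a rejected request never reaches page code, and the lowercase `get` case shows that a non-exact method token is rejected rather than normalized.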
