dongjoon-hyun opened a new pull request, #56573:
URL: https://github.com/apache/spark/pull/56573
### What changes were proposed in this pull request?
When the Master Web UI `/workers/kill` endpoint rejects a decommission
request, return `403 FORBIDDEN` instead of `405 METHOD_NOT_ALLOWED`.
```scala
if (!isDecommissioningRequestAllowed(req)) {
- resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED)
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN)
}
```
### Why are the changes needed?
The request is rejected by policy/origin
(`spark.master.ui.decommission.allow.mode` is `DENY`, or `LOCAL` with a
non-local caller), not because of the HTTP method. `405` means the method is
unsupported and must carry an `Allow` header; `403` ("understood the request
but refuses to authorize it") is the correct code, consistent with
`HttpSecurityFilter` and `JWSFilter` in the same module.
### Does this PR introduce _any_ user-facing change?
Yes. A disallowed `/workers/kill` request now returns `403` instead of `405`.
### How was this patch tested?
Added a test to `MasterWebUISuite` (`DENY` mode) and ran `build/sbt
'core/testOnly *MasterWebUISuite *ReadOnlyMasterWebUISuite'` -- all 11 tests
passed.
### Was this patch authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Claude Opus 4.8)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
