Github user holdenk commented on the pull request:
https://github.com/apache/spark/pull/8745#issuecomment-140205497
I'm definitively not a front-end security person so I'm not sure how
common/bad an attack like this could be. Adding a config to allow the framing
from a specific other domain seems like it would solve the problem. I'm not
super sure if the framing is done on the same domain or different domain (no
longer have an account either of those systems to check).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
