GitHub user tgravescs commented on the issue:
https://github.com/apache/spark/pull/19419
Overall I think the headers are fine, the more security the better. I'm not
exactly sure of the attack vector with the Spark UI though. Normally I would
expect your UI to be on a corporate network and you VPN in, but I guess maybe
if you are running in AWS or a similar public cloud and you go somewhere to
access it, but I'm not sure what data they can get there or why you would be using
HTTP in the first place, but there are lots of setups.
@krishna-pandey do you have specific use case/attack vector in mind here?
I was wondering if there was a more generic way to allow users to specify
desired headers without having a config for each one. The downside to that is it's
not as obvious though, so I need to think about that a bit more.