[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15373756#comment-15373756 ] Jitendra Nath Pandey commented on HDFS-10579: - Ok, committed to branch-2.8, including the dependencies. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.8.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15373453#comment-15373453 ] Larry McCay commented on HDFS-10579: I think that should be it. There isn't some reason to keep it out of 2.8 that I am missing - is there? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15373375#comment-15373375 ] Jitendra Nath Pandey commented on HDFS-10579: - I committed this to branch-2 only, because the earlier jira HADOOP-12964 was only in branch-2. If we want it in 2.8, following two also must go to 2.8: HADOOP-12964 HADOOP-13352 Are there any other dependencies? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15372063#comment-15372063 ] Larry McCay commented on HDFS-10579: [~jnp] - do we need this in branch-2.8 as well? > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15372045#comment-15372045 ] Jitendra Nath Pandey commented on HDFS-10579: - I have committed this to trunk and branch-2. Thanks [~anu]. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15371865#comment-15371865 ] Hudson commented on HDFS-10579: --- SUCCESS: Integrated in Hadoop-trunk-Commit #10075 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10075/]) HDFS-10579. HDFS web interfaces lack configs for X-FRAME-OPTIONS (jitendra: rev c447efebdb92dcdf3d95e983036f53bfbed2c0b4) * hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml * hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/web/TestDatanodeHttpXFrame.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/web/DatanodeHttpServer.java * hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java * hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15368962#comment-15368962 ] Jitendra Nath Pandey commented on HDFS-10579: - +1 for the latest patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15368798#comment-15368798 ] Anu Engineer commented on HDFS-10579: - Test failures are not related to this patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch, > HDFS-10579.003.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[
https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15368784#comment-15368784
]
Hadoop QA commented on HDFS-10579:
--
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
19s{color} | {color:blue} Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m
0s{color} | {color:green} The patch appears to include 2 new or modified test
files. {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m
4s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
51s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
33s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m
15s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
18s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m
5s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
57s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m
51s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
45s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m
45s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
28s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m
57s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
9s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
2s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
54s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
54s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 62m 45s{color}
| {color:red} hadoop-hdfs in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
22s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 83m 49s{color} |
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | hadoop.hdfs.server.namenode.TestEditLog |
| | hadoop.hdfs.server.blockmanagement.TestUnderReplicatedBlocks |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Image:yetus/hadoop:9560f25 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12816924/HDFS-10579.003.patch |
| JIRA Issue | HDFS-10579 |
| Optional Tests | asflicense compile javac javadoc mvninstall mvnsite
unit findbugs checkstyle xml |
| uname | Linux c63a83eed656 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed
Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh
|
| git revision | trunk / 932aed6 |
| Default Java | 1.8.0_91 |
| findbugs | v3.0.0 |
| unit |
https://builds.apache.org/job/PreCommit-HDFS-Build/16011/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-HDFS-Build/16011/testReport/ |
| modules | C: hadoop-hdfs-project/hadoop-hdfs U:
hadoop-hdfs-project/hadoop-hdfs |
| Console output |
https://builds.apache.org/job/PreCommit-HDFS-Build/16011/console |
| Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org |
This message was automatically generated.
> HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
> ---
>
> Key: HDFS-10579
> URL:
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[
https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15368521#comment-15368521
]
Hadoop QA commented on HDFS-10579:
--
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
0s{color} | {color:blue} Docker mode activated. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color}
| {color:red} HDFS-10579 does not apply to trunk. Rebase required? Wrong
Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12816575/HDFS-10579.002.patch |
| JIRA Issue | HDFS-10579 |
| Console output |
https://builds.apache.org/job/PreCommit-HDFS-Build/16010/console |
| Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org |
This message was automatically generated.
> HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
> ---
>
> Key: HDFS-10579
> URL: https://issues.apache.org/jira/browse/HDFS-10579
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode
>Affects Versions: 3.0.0-alpha1
>Reporter: Anu Engineer
>Assignee: Anu Engineer
> Fix For: 2.9.0
>
> Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch
>
>
> This JIRA proposes to extend the work done in HADOOP-12964 and enable a
> configuration value that enables or disables that option. This JIRA will also
> add an ability to pick the right x-frame-option, since right now it looks
> like we have hardcoded that to SAMEORIGIN.
> This allows HDFS to remain backward compatible as required by the branch-2.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15368511#comment-15368511 ] Jitendra Nath Pandey commented on HDFS-10579: - Please annotate getHttpServer method with @VisibleForTesting. It seems to be added only for tests. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15367032#comment-15367032 ] Anu Engineer commented on HDFS-10579: - [~haibochen] HDFS JIRAs cannot be made sub-tasks of COMMON jiras. I have made this JIRA dependent on the JIRA in common. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15366916#comment-15366916 ] Larry McCay commented on HDFS-10579: [~anu] - This looks good. I will review the new patches when they arrive as well. Thanks for adding this! > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15366858#comment-15366858 ] Anu Engineer commented on HDFS-10579: - [~haibochen] Thanks for the comments bq. xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them Just wanted to let you know that I will make this change and post that patch to the new Hadoop Common Jira that I will be creating based on your suggestion. I will tag on that Jira so that you can look at the changes. I should be able to post a patch by EOD. btw, looks like YARN addressed this issue in this patch. https://issues.apache.org/jira/browse/YARN-5076 > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15366764#comment-15366764 ] Haibo Chen commented on HDFS-10579: --- Thanks [~anu] a lot for working on this! I totally did not notice compatibility issues on branch-2. A few comments. 1) xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them. 2) testHttpResonseContainsXFrameOptions, testHttpResonseContainsDeny and testHttpResonseContainsAllowFrom are the same except the x-frame-option config. You could have a common method that takes x-frame-option as a parameter and does the verification. Then the three test methods can simply call that method with different x-frame-option. 3) The patch touches both HttpServer2 which is in COMMON, and HDFS servers. Can you create a parent jira against COMMON to make HttpServer2 changes, then create a sub task against HDFS of that to make HDFS changes? Other components also uses HttpServer2, such as MR. If needed, we could add more subtasks for each of the components. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15366700#comment-15366700 ] Anu Engineer commented on HDFS-10579: - Test Failures are not related to this patch. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 2.9.0 > > Attachments: HDFS-10579.001.patch, HDFS-10579.002.patch > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[
https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15365845#comment-15365845
]
Hadoop QA commented on HDFS-10579:
--
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
28s{color} | {color:blue} Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m
0s{color} | {color:green} The patch appears to include 4 new or modified test
files. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
13s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m
9s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m
57s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m
31s{color} | {color:green} trunk passed {color} |
| {color:red}-1{color} | {color:red} mvnsite {color} | {color:red} 2m
11s{color} | {color:red} hadoop-common in trunk failed. {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
27s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m
21s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m
50s{color} | {color:green} trunk passed {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
12s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m
33s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m
2s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 7m
2s{color} | {color:green} the patch passed {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}
1m 26s{color} | {color:orange} root: The patch generated 1 new + 523 unchanged
- 0 fixed = 524 total (was 523) {color} |
| {color:red}-1{color} | {color:red} mvnsite {color} | {color:red} 2m
16s{color} | {color:red} hadoop-common in the patch failed. {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
27s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 4m
26s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m
47s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m
16s{color} | {color:green} hadoop-common in the patch passed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 79m 37s{color}
| {color:red} hadoop-hdfs in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
24s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black}135m 34s{color} |
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests |
hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency |
| Timed out junit tests | org.apache.hadoop.hdfs.TestLeaseRecovery2 |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Image:yetus/hadoop:9560f25 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12816575/HDFS-10579.002.patch |
| JIRA Issue | HDFS-10579 |
| Optional Tests | asflicense compile javac javadoc mvninstall mvnsite
unit findbugs checkstyle xml |
| uname | Linux cf5b006b3441 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed
Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh
|
| git revision | trunk / a3f93be |
| Default Java | 1.8.0_91 |
| mvnsite |
https://builds.apache.org/job/PreCommit-HDFS-Build/15999/artifact/patchprocess/branch-mvnsite-hadoop-common-project_hadoop-common.txt
|
| findbugs | v3.0.0 |
| checkstyle |
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[
https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15365645#comment-15365645
]
Hadoop QA commented on HDFS-10579:
--
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m
24s{color} | {color:blue} Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m
0s{color} | {color:green} The patch appears to include 4 new or modified test
files. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
13s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m
9s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m
59s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m
31s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m
52s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
29s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m
10s{color} | {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m
38s{color} | {color:green} trunk passed {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m
11s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m
26s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m
54s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m
54s{color} | {color:green} the patch passed {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}
1m 28s{color} | {color:orange} root: The patch generated 6 new + 523 unchanged
- 0 fixed = 529 total (was 523) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m
55s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m
26s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m
1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m
34s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m
52s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 8m 23s{color}
| {color:red} hadoop-common in the patch failed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 71m 19s{color}
| {color:red} hadoop-hdfs in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
26s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black}122m 15s{color} |
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | hadoop.security.TestGroupsCaching |
| | hadoop.hdfs.TestCrcCorruption |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Image:yetus/hadoop:9560f25 |
| JIRA Patch URL |
https://issues.apache.org/jira/secure/attachment/12816553/HDFS-10579.001.patch |
| JIRA Issue | HDFS-10579 |
| Optional Tests | asflicense compile javac javadoc mvninstall mvnsite
unit findbugs checkstyle xml |
| uname | Linux 91c8352d806a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed
Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh
|
| git revision | trunk / a3f93be |
| Default Java | 1.8.0_91 |
| findbugs | v3.0.0 |
| checkstyle |
https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/diff-checkstyle-root.txt
|
| unit |
[jira] [Commented] (HDFS-10579) HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
[ https://issues.apache.org/jira/browse/HDFS-10579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15363348#comment-15363348 ] Anu Engineer commented on HDFS-10579: - [~rkanter] [~haibochen] Tagging both of you to make sure that this JIRA is noticed by you. I will post a patch soon, would appreciate any feedback you might have. > HDFS web interfaces lack configs for X-FRAME-OPTIONS protection > --- > > Key: HDFS-10579 > URL: https://issues.apache.org/jira/browse/HDFS-10579 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode, namenode >Affects Versions: 3.0.0-alpha1 >Reporter: Anu Engineer >Assignee: Anu Engineer > Fix For: 3.0.0-alpha1 > > > This JIRA proposes to extend the work done in HADOOP-12964 and enable a > configuration value that enables or disables that option. This JIRA will also > add an ability to pick the right x-frame-option, since right now it looks > like we have hardcoded that to SAMEORIGIN. > This allows HDFS to remain backward compatible as required by the branch-2. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
