[ 
https://issues.apache.org/jira/browse/YARN-7338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16208745#comment-16208745
 ] 

Sunil G edited comment on YARN-7338 at 10/18/17 3:07 AM:
---------------------------------------------------------

This patch has filters added to ui2.

Filters are as below
{noformat}
HW12715:sbin sunilgovindan$ curl -i http://localhost:8088/ui2/
HTTP/1.1 200 OK
Date: Wed, 18 Oct 2017 03:04:10 GMT
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 17 Oct 2017 02:27:57 GMT
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 1691

<!--
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements.  See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership.  The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License.  You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
-->

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>YARN</title>
    <meta name="description" content="">
    <meta name="viewport" content="width=device-width, initial-scale=1">



    <link rel="stylesheet" href="assets/vendor.css" 
integrity="sha256-lCLz2smNebqCg8KwPoqcIUS1fQGn32fSE+vvy3S3Pvo= 
sha512-1In4fc2mW/nxV0OS62vnarBxhgTwDhw6x5nsJpkOBtfjWoKSwEuT25FUJj/cyEp44FRwu7g/GRZn4931ZVnVoA=="
 >
    <link rel="stylesheet" href="assets/yarn-ui.css" 
integrity="sha256-scb4jyY6hKeJWDNYGFSJwHIO8G6XjxNq4eiMzvwr1rA= 
sha512-iWiSfrhgi0TuqPKVh0hHcSncUdiZGw4z0AC5fbgMQcfJzTxQ04nSya55iMASHssvsK6I8S6tQ1DwSjGL5omISQ=="
 >


  </head>
  <body>

    <script src="config/configs.env" integrity=""></script>

    <script src="assets/vendor.js"></script>
    <script src="assets/yarn-ui.js"></script>


  </body>
</html>
HW12715:sbin sunilgovindan$
{noformat}


was (Author: sunilg):
This patch has filters added to ui2

> Support same origin policy for cross site scripting prevention.
> ---------------------------------------------------------------
>
>                 Key: YARN-7338
>                 URL: https://issues.apache.org/jira/browse/YARN-7338
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-ui-v2
>            Reporter: Vrushali C
>         Attachments: YARN-7338.001.patch
>
>
> Opening jira as suggested by [~eyang] on the thread for merging YARN-3368 (new 
> web UI) to branch2  
> http://mail-archives.apache.org/mod_mbox/hadoop-yarn-dev/201610.mbox/%3ccad++ecmvvqnzqz9ynkvkcxaczdkg50yiofxktgk3mmms9sh...@mail.gmail.com%3E
> ----------
> Ui2 does not seem to support same origin policy for cross site scripting 
> prevention.
> The following parameters have no effect for /ui2:
> hadoop.http.cross-origin.enabled = true
> yarn.resourcemanager.webapp.cross-origin.enabled = true
> This is because ui2 is designed as a separate web application.  WebFilters 
> setup for existing resource manager doesn’t apply to the new web application.
> Please open JIRA to track the security issue and resolve the problem prior to 
> backporting this to branch-2.
> This would minimize the risk of opening up a security hole in branch-2.
> ----------



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
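
Added example (not part of the original message and not code from the YARN-7338 patch): a regression check that parses captured `curl -i` output per web application path and reports any path whose response lacks the expected filter header. The patched sample reuses the header lines from the comment above; the unfiltered sample and the function names are constructed for illustration.

```python
# Added example: verify that each web application context returns the
# header its servlet filter is supposed to add.
EXPECTED = {"X-Frame-Options": "SAMEORIGIN"}  # value shown in the comment's curl output

# Header lines taken from the comment's curl output for /ui2/ (body trimmed).
UI2_PATCHED = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 18 Oct 2017 03:04:10 GMT\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<!DOCTYPE html>"
)
# Constructed sample: the same response as it would look with no filter applied.
UI2_UNFILTERED = UI2_PATCHED.replace("X-Frame-Options: SAMEORIGIN\r\n", "")


def parse_head(raw):
    """Split a raw HTTP/1.x response into (status code, lower-cased header map)."""
    head = raw.lstrip().replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" line
            headers[name.strip().lower()] = value.strip()
    return status, headers


def filter_gaps(responses, expected=EXPECTED):
    """Return {path: [problems]} for every path missing an expected header or value."""
    gaps = {}
    for path, raw in responses.items():
        _, headers = parse_head(raw)
        problems = []
        for name, want in expected.items():
            got = headers.get(name.lower())  # header names are case-insensitive
            if got is None:
                problems.append(f"{name} missing")
            elif got.upper() != want.upper():
                problems.append(f"{name} is {got!r}, expected {want!r}")
        if problems:
            gaps[path] = problems
    return gaps


if __name__ == "__main__":
    print(filter_gaps({"/ui2/ (patched)": UI2_PATCHED,
                       "/ui2/ (unfiltered, constructed)": UI2_UNFILTERED}))
```

Running the same check against every context path the ResourceManager serves shows whether a filter configured for one web application was also wired into the others.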
