[
https://issues.apache.org/jira/browse/YARN-7640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300750#comment-16300750
]
Mike Yoder commented on YARN-7640:
----------------------------------
What's the use case? What's the default value of Access-Control-Allow-Origin?
How's our implementation stack up against
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing
?
> Retrospect to enable CORS related configs by default in YARN
> ------------------------------------------------------------
>
> Key: YARN-7640
> URL: https://issues.apache.org/jira/browse/YARN-7640
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager
> Affects Versions: 3.0.0-beta1
> Reporter: Sunil G
>
> Currently admin has to do below config changes to enable CORS in YARN.
> {code}
> 1. Add org.apache.hadoop.security.HttpCrossOriginFilterInitializer to
> hadoop.http.filter.initializers
> 2. Set hadoop.http.cross-origin.enabled to true
> 3. Set hadoop.http.cross-origin.allowed-methods to GET,HEAD
> 4. Set yarn.nodemanager.webapp.cross-origin.enabled to true
> 5. Set yarn.resourcemanager.webapp.cross-origin.enabled to true
> {code}
> For better handling, we could enable this config by default in YARN.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
