Zhijie Shen commented on YARN-2277:

[~jeagles], thanks for the patch. Some more comments:

1. Do you think it is good to have a configuration to enable this feature or 
not? Other users may not want to use this feature, and it's good not to cause 
additional security concern for them.

2. [~vvasudev] pointed it to me that jetty has supported CORS since 7.x.y 
Unfortunately, Hadoop still depends on 6.x.y, hence we're not able to take 
advantage of it. Anyway, you may want to have a look at what it supports:
In addition, I think it's a good idea to support set the CORS headers in a 
filter, and we can reuse it for other APIs in the future. What do you think?

> Add Cross-Origin support to the ATS REST API
> --------------------------------------------
>                 Key: YARN-2277
>                 URL: https://issues.apache.org/jira/browse/YARN-2277
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Jonathan Eagles
>            Assignee: Jonathan Eagles
>         Attachments: YARN-2277-CORS.patch, YARN-2277-JSONP.patch, 
> YARN-2277-v2.patch, YARN-2277-v3.patch
> As the Application Timeline Server is not provided with built-in UI, it may 
> make sense to enable JSONP or CORS Rest API capabilities to allow for remote 
> UI to access the data directly via javascript without cross side server 
> browser blocks coming into play.
> Example client may be like
> http://api.jquery.com/jQuery.getJSON/ 
> This can alleviate the need to create a local proxy cache.

This message was sent by Atlassian JIRA

Reply via email to