[ https://issues.apache.org/jira/browse/YARN-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated YARN-2528: ---------------------------------- Attachment: YARN-2528-v2.patch > Cross Origin Filter Http response split vulnerability protection rejects > valid origins > -------------------------------------------------------------------------------------- > > Key: YARN-2528 > URL: https://issues.apache.org/jira/browse/YARN-2528 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Jonathan Eagles > Assignee: Jonathan Eagles > Attachments: YARN-2528-v1.patch, YARN-2528-v2-split-header.patch, > YARN-2528-v2.patch > > > URLEncoding is too strong of a protection for HTTP Response Split > Vulnerability protection and major browser reject the encoded Origin. An > adequate protection is simply to remove all CRs LFs as in the case of PHP's > header function. -- This message was sent by Atlassian JIRA (v6.3.4#6332)