[
https://issues.apache.org/jira/browse/YARN-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172067#comment-15172067
]
Varun Vasudev edited comment on YARN-4737 at 2/29/16 4:11 PM:
--------------------------------------------------------------
[~jmaron] - to my knowledge the only web UI that uses the web services call via
javascript is the Tez UI. There is a branch to change the RM UI to use
javascript and web services as well.
However, all of these should be using GET calls only so I suspect they won't be
affected by this change.
was (Author: vvasudev):
[~jmaron] - to my knowledge the only web UI that uses the web services call via
javascript is the Tez UI. However there is a branch to change the RM UI to use
javascript and web services as well.
> Use CSRF Filter in YARN
> -----------------------
>
> Key: YARN-4737
> URL: https://issues.apache.org/jira/browse/YARN-4737
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager, webapp
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
> Attachments: YARN-4737.patch.001
>
>
> A CSRF filter was added to hadoop common
> (https://issues.apache.org/jira/browse/HADOOP-12691). The aim of this JIRA
> is to come up with a mechanism to integrate this filter into the webapps for
> which it is applicable (web apps that may establish an authenticated
> identity). That includes the RM, NM, and mapreduce jobhistory web app.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
