[OOZIE-2612] Add CSRF Filter for REST APIs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

CSRF prevention for REST APIs can be provided through hadoop commons servlet filter. This filter would check for the existence of an expected (configurable) HTTP header - such as X-XSRF-Header. This filter is added into Hadoop 2.8.0, so we might need to wait for sometime.

The fact that CSRF attacks are entirely browser based means that the above approach can ensure that requests are coming from either: applications served by the same origin as the REST API or that there is explicit policy configuration that allows the setting of a header on XmlHttpRequest from another origin.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OOZIE-2612-00.patch
21/Jul/16 16:43
4 kB
Abhishek Bafna
OOZIE-2612-01.patch
22/Jul/16 12:26
4 kB
Abhishek Bafna

Activity

People

Assignee:: Abhishek Bafna

Reporter:: Abhishek Bafna

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jul/16 07:23

Updated:: 22/Jul/16 12:26