hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14908) CrossOriginFilter should trigger regex on more input
Date Tue, 03 Oct 2017 18:29:03 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190105#comment-16190105
] 

Hudson commented on HADOOP-14908:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13013 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13013/])
HADOOP-14908. CrossOriginFilter should trigger regex on more input (aw: rev 4d5dd75b607d25adf8b41f7408713dfcea8f5330)
* (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/TimelineServer.md
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java
* (edit) hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* (edit) hadoop-common-project/hadoop-common/src/site/markdown/HttpAuthentication.md


> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>    Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
>            Assignee: Johannes Alberti
>             Fix For: 3.1.0
>
>         Attachments: HADOOP-14908-PR279.patch
>
>
> Currently,  CrossOriginFilter.java limits regex matching only if there is an asterisk
(\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either be fully
expanded or dramatically have their space increased by using an asterisk in order to pass
through the filter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message