[AMBARI-4337] Document the fact that X-Requested-By HTTP header needs to be passed for non-GET API calls - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: 1.4.2
Fix Version/s: None
Component/s: documentation
Labels:
None

Description

Ambari 1.4.2 added CSRF prevention by default.
This means that non-GET calls now require the "X-Requested-By" header. The API reference doc should be updated to reflect this change.
Also, we should mention that this behavior can be turned off (at the risk of allowing CSRF) by modifying /etc/ambari/conf/ambari.properties and setting api.csrfPrevention.enabled=false.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Yusaku Sako

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Jan/14 20:34

Updated:: 25/Sep/15 18:57

Resolved:: 25/Sep/15 18:57