Hadoop Common / HADOOP-12758

Extend CSRF Filter with UserAgent Checks

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.8.0, 3.0.0-alpha1
    • security
    • None
    • Reviewed

    Description

      To protect against CSRF attacks, HADOOP-12691 introduces a CSRF filter that will require a specific HTTP header to be sent with every REST API call. This will affect all API consumers from web apps to CLIs and curl.

      Since CSRF is primarily a browser-based attack, we can try and minimize the impact on non-browser clients.

      This enhancement will provide additional configuration for identifying non-browser user agents and skipping the enforcement of the header requirement for anything identified as a non-browser. This will largely limit the impact to browser-based PUT and POST calls when configured appropriately.

      Attachments

        1. HADOOP-12758-001.patch
          7 kB
          Larry McCay
        2. HADOOP-12758-002.patch
          7 kB
          Larry McCay
        3. HADOOP-12758-003.patch
          10 kB
          Larry McCay
        4. HADOOP-12758-004.patch
          12 kB
          Larry McCay
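
The decision the description outlines, written out as an added example (not code from this issue's patches): enforce the custom header only for state-changing requests whose User-Agent matches a configured browser pattern. The header name, ignored methods and browser regexes are assumed values, and treating a missing User-Agent as a browser is this example's choice.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class CsrfUserAgentCheck {
    // Assumed settings for this example; not taken from the issue or its patches.
    static final String CUSTOM_HEADER = "X-XSRF-HEADER";
    static final Set<String> METHODS_TO_IGNORE = Set.of("GET", "OPTIONS", "HEAD", "TRACE");
    static final List<Pattern> BROWSER_AGENTS =
        List.of(Pattern.compile("^Mozilla.*"), Pattern.compile("^Opera.*"));

    // A missing User-Agent is treated as a browser so the check fails closed
    // (this example's choice).
    static boolean isBrowser(String userAgent) {
        if (userAgent == null || userAgent.isEmpty()) {
            return true;
        }
        return BROWSER_AGENTS.stream().anyMatch(p -> p.matcher(userAgent).matches());
    }

    // True when the request may proceed to the REST handler.
    static boolean allow(String method, String userAgent, String headerValue) {
        if (METHODS_TO_IGNORE.contains(method.toUpperCase(Locale.ROOT))) {
            return true;              // non-state-changing methods are not enforced
        }
        if (!isBrowser(userAgent)) {
            return true;              // CLI, curl and SDK clients skip the header requirement
        }
        return headerValue != null;   // a browser request must carry the custom header
    }

    public static void main(String[] args) {
        // Constructed sample requests: method, User-Agent, custom header value.
        String firefox = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/44.0";
        String[][] requests = {
            {"PUT",  "curl/7.47.0", null},   // non-browser, no header  -> allow
            {"PUT",  firefox,       null},   // browser, no header      -> reject
            {"POST", firefox,       "1"},    // browser, header present -> allow
            {"GET",  firefox,       null},   // ignored method          -> allow
            {"POST", null,          null},   // no User-Agent           -> reject
        };
        for (String[] r : requests) {
            System.out.printf("%-4s %-12.12s %s=%-4s -> %s%n", r[0], r[1], CUSTOM_HEADER,
                r[2], allow(r[0], r[1], r[2]) ? "allow" : "reject");
        }
    }
}
```

The User-Agent test only decides who is exempt from the header; a browser pattern list that is too narrow leaves real browsers unenforced, so the regexes deserve the same review as the header check itself.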

            People

              lmccay Larry McCay