Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
Cross Frame Scripting (XFS) prevention for UIs can be provided through a common servlet filter. This filter will set the X-Frame-Options HTTP header to DENY unless configured to another valid setting.
There are a number of UIs that could just add this to their filters as well as the Yarn webapp proxy which could add it for all it's proxied UIs - if appropriate.
Attachments
Attachments
Issue Links
- is a clone of
-
HADOOP-12691 Add CSRF Filter for REST APIs to Hadoop Common
- Resolved
- is related to
-
HADOOP-12234 Web UI Framable Page
- Resolved
-
HDFS-10579 HDFS web interfaces lack configs for X-FRAME-OPTIONS protection
- Resolved
- relates to
-
HADOOP-13556 Change Configuration.getPropsWithPrefix to use getProps instead of iterator
- Resolved
- supercedes
-
HADOOP-12234 Web UI Framable Page
- Resolved