Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14908

CrossOriginFilter should trigger regex on more input

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-beta1
    • Fix Version/s: 3.1.0
    • Component/s: common, security
    • Labels:
      None

      Description

      Currently, CrossOriginFilter.java limits regex matching only if there is an asterisk (*) in the config.

      if (allowedOrigin.contains("*")) {
      

      This means that entries such as:

      http?://foo.example.com
      https://[a-z][0-9].example.com
      

      ... and other patterns that succinctly limit the input space need to either be fully expanded or dramatically have their space increased by using an asterisk in order to pass through the filter.

        Attachments

          Activity

            People

            • Assignee:
              jalberti Johannes Alberti
              Reporter:
              aw Allen Wittenauer
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: