[HADOOP-14908] CrossOriginFilter should trigger regex on more input - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0-beta1
Fix Version/s: 3.1.0
Component/s: common, security
Labels:
None

Description

Currently, CrossOriginFilter.java limits regex matching only if there is an asterisk (*) in the config.

if (allowedOrigin.contains("*")) {

This means that entries such as:

http?://foo.example.com
https://[a-z][0-9].example.com

... and other patterns that succinctly limit the input space need to either be fully expanded or dramatically have their space increased by using an asterisk in order to pass through the filter.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14908-PR279.patch
28/Sep/17 15:05
21 kB
Johannes Alberti

Issue Links

links to

GitHub Pull Request #278

GitHub Pull Request #279

Activity

People

Assignee:: Johannes Alberti

Reporter:: Allen Wittenauer

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 26/Sep/17 20:40

Updated:: 04/Oct/17 20:30

Resolved:: 03/Oct/17 17:59