  1. HBase
  2. HBASE-14148

Web UI Framable Page

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0, 1.3.0, 2.0.0
    • Component/s: security, UI
    • Labels:
      None
    • Release Note:
      Security fix: Adds protection from clickjacking using X-Frame-Options header.
      This will prevent use of HBase UI in frames. To disable this feature, set the configuration 'hbase.http.filter.xframeoptions.mode' to 'ALLOW' (default is 'DENY').

      Description

      The web UIs do not include the "X-Frame-Options" header to prevent the pages from being framed from another site.

      Reference:
      https://www.owasp.org/index.php/Clickjacking
      https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
      https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
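
An added example, not part of this issue or of HBase's own code: a small audit that reads an hbase-site.xml, reports the effective value of 'hbase.http.filter.xframeoptions.mode' described in the release note, and checks a captured UI response for the header. The sample XML and headers are constructed, and the function names, the last-entry-wins rule and the case-insensitive comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

PROP = "hbase.http.filter.xframeoptions.mode"
DEFAULT_MODE = "DENY"  # default stated in the release note

# Constructed sample configs, not taken from a real cluster.
SAMPLE_UNSET = """<configuration>
  <property><name>hbase.cluster.distributed</name><value>true</value></property>
</configuration>"""
SAMPLE_DISABLED = """<configuration>
  <property>
    <name>hbase.http.filter.xframeoptions.mode</name>
    <value> allow </value>
  </property>
</configuration>"""


def effective_mode(site_xml):
    """Mode in effect: the configured value, or DENY when the property is unset.
    Assumptions: the last matching <property> wins; values compare case-insensitively."""
    mode = DEFAULT_MODE
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            mode = (prop.findtext("value") or "").strip().upper()
    return mode


def classify(mode):
    """Map a mode to an audit verdict using only the two values the release note names."""
    return {"DENY": "protected", "ALLOW": "disabled"}.get(mode, "review")


def framing_blocked(headers):
    """True when a captured UI response carries X-Frame-Options: DENY.
    Header names are matched case-insensitively, as HTTP requires."""
    for name, value in headers.items():
        if name.lower() == "x-frame-options":
            return value.strip().upper() == "DENY"
    return False


if __name__ == "__main__":
    for label, xml in (("unset", SAMPLE_UNSET), ("disabled", SAMPLE_DISABLED)):
        mode = effective_mode(xml)
        print(f"{label}: mode={mode} verdict={classify(mode)}")
    # Constructed response headers from a hypothetical UI request.
    print(framing_blocked({"Content-Type": "text/html", "X-Frame-Options": "DENY"}))
```

Any value other than the two named in the release note is reported as "review" rather than guessed at.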

        Attachments

        1. HBASE-14148-v3-master.patch
          11 kB
          Apekshit Sharma
        2. HBASE-14148-v2-master.patch
          10 kB
          Apekshit Sharma
        3. HBASE-14148-master.patch
          8 kB
          Apekshit Sharma
        4. HBASE-14148-cleanroom.3.patch
          6 kB
          Gabor Liptak
        5. HBASE-14148-cleanroom.2.patch
          6 kB
          Gabor Liptak
        6. HBASE-14148-cleanroom.1.patch
          5 kB
          Gabor Liptak

            People

            • Assignee:
              gliptak Gabor Liptak
              Reporter:
              appy Apekshit Sharma