  1. HBase
  2. HBASE-14148

Web UI Framable Page

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0, 1.3.0, 2.0.0
    • Component/s: security, UI
    • Labels:
      None
    • Release Note:
      Security fix: Adds protection from clickjacking using the X-Frame-Options header.
      This will prevent use of the HBase UI in frames. To disable this feature, set the configuration 'hbase.http.filter.xframeoptions.mode' to 'ALLOW' (default is 'DENY').

      Description

      The web UIs do not include the "X-Frame-Options" header to prevent the pages from being framed from another site.

      Reference:
      https://www.owasp.org/index.php/Clickjacking
      https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
      https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
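
An added example, not part of the issue or its patches: a Python check an operator could run over captured web UI responses to confirm that the X-Frame-Options header from the release note is present and restrictive. The function names and sample responses are constructed for illustration; treating only DENY and SAMEORIGIN as protective follows the header's standard directives.

```python
# Added example: audit X-Frame-Options in captured HTTP responses.
PROTECTIVE = {"DENY", "SAMEORIGIN"}  # standard directives that restrict framing


def xfo_values(raw_response):
    """Return every X-Frame-Options value found in a raw response head."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # One header line can carry a comma-separated list of values.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def framing_verdict(raw_response):
    """Classify a response as PROTECTED, UNPROTECTED, MISSING or CONFLICTING."""
    values = xfo_values(raw_response)
    if not values:
        return "MISSING"      # header absent: the page can be framed
    if len(set(values)) > 1:
        return "CONFLICTING"  # e.g. a proxy added a second, different value
    return "PROTECTED" if values[0] in PROTECTIVE else "UNPROTECTED"


# Constructed sample responses (not captured from a real cluster).
SAMPLES = {
    "default": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "X-Frame-Options: DENY\r\n\r\n<html>",
    "pre-fix": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "lowercase": "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n\r\n",
    # ALLOW is not a standard X-Frame-Options directive, so it restricts nothing.
    "non-directive": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW\r\n\r\n",
    "duplicated": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                  "X-Frame-Options: SAMEORIGIN\r\n\r\n",
}


def audit(samples):
    """Map each sample name to its framing verdict."""
    return {name: framing_verdict(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:14} {verdict}")
```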

        Attachments

        1. HBASE-14148-cleanroom.1.patch
          5 kB
          Gabor Liptak
        2. HBASE-14148-cleanroom.2.patch
          6 kB
          Gabor Liptak
        3. HBASE-14148-cleanroom.3.patch
          6 kB
          Gabor Liptak
        4. HBASE-14148-master.patch
          8 kB
          Apekshit Sharma
        5. HBASE-14148-v2-master.patch
          10 kB
          Apekshit Sharma
        6. HBASE-14148-v3-master.patch
          11 kB
          Apekshit Sharma

            People

            • Assignee:
              gliptak Gabor Liptak
              Reporter:
              appy Apekshit Sharma