Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.4.0, 1.3.1, 1.2.5, 1.1.10, 2.0.0
    • Component/s: security
    • Labels:
      None

      Description

      See OWASP page on why we should clean it up someday:

      https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet

      Here is where we do the redirect:

          @Override
          public void doGet(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException {
            String redirectUrl = request.getScheme() + "://"
              + request.getServerName() + ":" + regionServerInfoPort
              + request.getRequestURI();
            response.sendRedirect(redirectUrl);
          }
        }
      

        Attachments

        1. HBASE-15328.1.patch
          9 kB
          Sean Busbey
        2. HBASE-15328.0.patch
          8 kB
          Sean Busbey

          Issue Links

            Activity

              People

              • Assignee:
                busbey Sean Busbey
                Reporter:
                stack stack
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: