[HDFS-12158] Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection - ASF JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-beta1, 2.8.2
Component/s: namenode
Labels:
None

Target Version/s:

2.8.2
Hadoop Flags:

Reviewed

Description

~~HDFS-10579~~ adds X-FRAME-OPTIONS protection to Namenode and Datanode.
This is also needed for Secondary Namenode as well.

Seondary Namenode misses X-FRAME-OPTIONS protection

[root@f0e12b63907e opt]# curl -I http://127.0.0.1:50090/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Tue, 18 Jul 2017 20:13:53 GMT
Date: Tue, 18 Jul 2017 20:13:53 GMT
Pragma: no-cache
Expires: Tue, 18 Jul 2017 20:13:53 GMT
Date: Tue, 18 Jul 2017 20:13:53 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
Content-Length: 1083
Accept-Ranges: bytes
Server: Jetty(6.1.26)

Primary Namenode offers X-FRAME-OPTIONS protection

[root@f0e12b63907e opt]# curl -I http://127.0.0.1:50070/index.html
HTTP/1.1 200 OK
Cache-Control: no-cache
Expires: Tue, 18 Jul 2017 20:14:04 GMT
Date: Tue, 18 Jul 2017 20:14:04 GMT
Pragma: no-cache
Expires: Tue, 18 Jul 2017 20:14:04 GMT
Date: Tue, 18 Jul 2017 20:14:04 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FRAME-OPTIONS: SAMEORIGIN
Last-Modified: Mon, 12 Jun 2017 13:15:41 GMT
Content-Length: 1079
Accept-Ranges: bytes
Server: Jetty(6.1.26)

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HDFS-12158.001.patch
19/Jul/17 14:18
3 kB
Mukul Kumar Singh

Activity

People

Assignee:

Mukul Kumar Singh

Reporter:

Mukul Kumar Singh

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

18/Jul/17 20:21

Updated:

20/Jul/17 18:40

Resolved:

19/Jul/17 17:57