Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-10855

Document Cross-Site Request Forgery Protection

    XMLWordPrintableJSON

Details

    Description

      Apache NiFi 1.15.0 included significant changes to web application security, including the introduction of Cross-Site Request Forgery protection using Spring Security Filters.

      The CSRF configuration builds on the standard Spring Security Filter and provides a stateless implementation based on the Double Submit Cookie Pattern. The implementation maintains support for REST API access without cookies using the HTTP Authorization header, but documenting the implementation would provide additional background for clients integrating with the REST API.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-9241 Review CORS Security Configuration

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #6805

          Activity

            People

              exceptionfactory David Handermann
              exceptionfactory David Handermann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m