Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
Apache NiFi 1.15.0 included significant changes to web application security, including the introduction of Cross-Site Request Forgery protection using Spring Security Filters.
The CSRF configuration builds on the standard Spring Security Filter and provides a stateless implementation based on the Double Submit Cookie Pattern. The implementation maintains support for REST API access without cookies using the HTTP Authorization header, but documenting the implementation would provide additional background for clients integrating with the REST API.
Attachments
Issue Links
- is related to
-
NIFI-9241 Review CORS Security Configuration
- Resolved
- links to