Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-7870

Fix anonymous access control for advanced UI resources

    XMLWordPrintableJSON

    Details

      Description

      The X-Content-Type header was added in NiFi 1.12.0, which blocks resources in the browser if they do not have the content type added. It appears that some 'advanced UI' resources do not have the content type applied to their resources and are blocked from loading.

      On further inspection, it appears that explicitly disallowing anonymous access has resulted in some static resources in the NiFi advanced UI's WAR checking whether the anonymous user should be able to access them. The anonymous access was intended to be used on the NiFi API endpoints, and not static resources.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                thenatog Nathan Gough
                Reporter:
                thenatog Nathan Gough
              • Votes:
                4 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 5.5h
                  5.5h