Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-7870

Fix anonymous access control for advanced UI resources

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The X-Content-Type header was added in NiFi 1.12.0, which blocks resources in the browser if they do not have the content type added. It appears that some 'advanced UI' resources do not have the content type applied to their resources and are blocked from loading.

      On further inspection, it appears that explicitly disallowing anonymous access has resulted in some static resources in the NiFi advanced UI's WAR checking whether the anonymous user should be able to access them. The anonymous access was intended to be used on the NiFi API endpoints, and not static resources.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            thenatog Nathan Gough
            thenatog Nathan Gough
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 5.5h
                5.5h

                Slack

                  Issue deployment