Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8510

CSRF filter blocking requests that contain unrelated cookies

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.14.0
    • 1.14.0
    • Security
    • None

    Description

      The CSRF filter added in NIFI-7870 is blocking requests if ANY cookie is present in a request to NiFi and the NiFI CSRF cookie is not present. This caused a 403 for requests over http on localhost.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. NIFI-7870 Fix anonymous access control for advanced UI resources

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #5050

          Activity

            People

              thenatog Nathan Gough
              thenatog Nathan Gough
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m