Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8510

CSRF filter blocking requests that contain unrelated cookies

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.14.0
    • Fix Version/s: 1.14.0
    • Component/s: Security
    • Labels:
      None

      Description

      The CSRF filter added in NIFI-7870 is blocking requests if ANY cookie is present in a request to NiFi and the NiFI CSRF cookie is not present. This caused a 403 for requests over http on localhost.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                thenatog Nathan Gough
                Reporter:
                thenatog Nathan Gough
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m