SPARK-15440

Add CSRF Filter for REST APIs to Spark

Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Deploy, Spark Core
    • Labels: None

    Description

      CSRF prevention for REST APIs can be provided through a common servlet filter. This filter would check for the existence of a custom HTTP header - such as X-XSRF-Header.

      The fact that CSRF attacks are entirely browser based means that the above approach can ensure that requests are coming from either: applications served by the same origin as the REST API or that there is explicit policy configuration that allows the setting of a header on XMLHttpRequest from another origin.

      We have done similar work for Hadoop (https://issues.apache.org/jira/browse/HADOOP-12691) and other components.

            People

              Assignee: Unassigned
              Reporter: Yanbo Liang (yanboliang)
              Votes: 0
              Watchers: 2