Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5918

Replace jsonp with a more secure alternative

Agile BoardAttach filesAttach ScreenshotAdd voteVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • json api, webui

    Description

      We currently use the jsonp technique to bypass CORS check. This practice has many security concerns (see discussions on MESOS-5911) so we should replace it with a better alternative.

      Attachments

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. MESOS-5911 Webui redirection to leader in browser does not work

        • Blocker - Blocks development and/or testing work, production could not run
        • Resolved

        Improvement - An improvement or enhancement to an existing feature or task. MESOS-3796 Mesos Master and Agent http api should support configurable CORS headers

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Open
        relates to

        Improvement - An improvement or enhancement to an existing feature or task. MESOS-7826 XSS in JSONP parameter

        • Critical - Crashes, loss of data, severe memory leak.
        • Accepted

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            xujyan Yan Xu
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment