diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java index a9fb3e8..d71175f 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java @@ -76,6 +76,7 @@ private List allowedMethods = new ArrayList(); private List allowedHeaders = new ArrayList(); private List allowedOrigins = new ArrayList(); + private boolean allowAllOrigins = true; private String maxAge; @Override @@ -171,7 +172,9 @@ private void initializeAllowedOrigins(FilterConfig filterConfig) { } allowedOrigins = Arrays.asList(allowedOriginsConfig.trim().split("\\s*,\\s*")); + allowAllOrigins = allowedOrigins.contains("*"); LOG.info("Allowed Origins: " + StringUtils.join(allowedOrigins, ',')); + LOG.info("Allow All Origins: " + allowAllOrigins); } private void initializeMaxAge(FilterConfig filterConfig) { @@ -199,8 +202,9 @@ static boolean isCrossOrigin(String origin) { return origin != null; } - private boolean isOriginAllowed(String origin) { - return allowedOrigins.contains(origin); + @VisibleForTesting + boolean isOriginAllowed(String origin) { + return allowAllOrigins || allowedOrigins.contains(origin); } private boolean areHeadersAllowed(String accessControlRequestHeaders) { @@ -213,7 +217,7 @@ private boolean areHeadersAllowed(String accessControlRequestHeaders) { private boolean isMethodAllowed(String accessControlRequestMethod) { if (accessControlRequestMethod == null) { - return false; + return true; } return allowedMethods.contains(accessControlRequestMethod); } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java index a29e4a0..f666c21 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.junit.Assert; import org.junit.Test; import static org.mockito.Mockito.when; @@ -66,6 +67,20 @@ public void testSameOrigin() throws ServletException, IOException { } @Test + public void testAllowAllOrigins() throws ServletException, IOException { + + // Setup the configuration settings of the server + Map conf = new HashMap(); + conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*"); + FilterConfig filterConfig = new FilterConfigTest(conf); + + // Object under test + CrossOriginFilter filter = new CrossOriginFilter(); + filter.init(filterConfig); + Assert.assertTrue(filter.isOriginAllowed("example.org")); + } + + @Test public void testDisallowedOrigin() throws ServletException, IOException { // Setup the configuration settings of the server