[jira] [Commented] (HADOOP-14908) CrossOriginFilter should trigger regex on more input

Tue, 03 Oct 2017 11:29:21 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190105#comment-16190105
 ] 

Hudson commented on HADOOP-14908:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13013 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/13013/])
HADOOP-14908. CrossOriginFilter should trigger regex on more input (aw: rev 
4d5dd75b607d25adf8b41f7408713dfcea8f5330)
* (edit) 
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java
* (edit) 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/TimelineServer.md
* (edit) 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/CrossOriginFilter.java
* (edit) hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* (edit) 
hadoop-common-project/hadoop-common/src/site/markdown/HttpAuthentication.md


> CrossOriginFilter should trigger regex on more input
> ----------------------------------------------------
>
>                 Key: HADOOP-14908
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14908
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common, security
>    Affects Versions: 3.0.0-beta1
>            Reporter: Allen Wittenauer
>            Assignee: Johannes Alberti
>             Fix For: 3.1.0
>
>         Attachments: HADOOP-14908-PR279.patch
>
>
> Currently,  CrossOriginFilter.java limits regex matching only if there is an 
> asterisk (\*) in the config.
> {code}
> if (allowedOrigin.contains("*")) {
> {code}
> This means that entries such as:
> {code}
> http?://foo.example.com
> https://[a-z][0-9].example.com
> {code}
> ... and other patterns that succinctly limit the input space need to either 
> be fully expanded or dramatically have their space increased by using an 
> asterisk in order to pass through the filter.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to