Juan Hernandez has posted comments on this change.

Change subject: restapi: Add CSRF protection filter
......................................................................


Patch Set 2:

The JavaScript engine is part of the OpenJDK, and included in the JRE, since 
the scripting API was introduced with version 6 of Java. 

However, the code isn't assuming that JavaScript is available:

  ScriptEngine scriptEngine = scriptManager.getEngineByName("JavaScript");
  if (scriptEngine == null) {
    log.error(
      "Can't create the scripting engine needed to execute trust script \"{}\", " +
      "no request will be trusted.",
      trustScriptFile.getAbsolutePath()
    );
    return;
  }

This means that if the JavaScript engine isn't available, for whatever 
reason, the filter will just reject all requests that aren't trusted, as it 
does when no trust script is configured.

We need the cookie because session management in JEE is based on cookies, and 
we don't want to change that now.

-- 
To view, visit http://gerrit.ovirt.org/26578
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I68f03eeefe5bcb1956036b4a80fef4400c467346
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Michael Pasternak <mishka8...@yahoo.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
