HDFS-12158. Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection. Contributed by Mukul Kumar Singh.
parent
04ff412dab
commit
413b23eb04
@ -479,6 +479,16 @@ public void startInfoServer() throws IOException {
|
||||
DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
|
||||
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);
|
||||
|
||||
final boolean xFrameEnabled = conf.getBoolean(
|
||||
DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED,
|
||||
DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED_DEFAULT);
|
||||
|
||||
final String xFrameOptionValue = conf.getTrimmed(
|
||||
DFSConfigKeys.DFS_XFRAME_OPTION_VALUE,
|
||||
DFSConfigKeys.DFS_XFRAME_OPTION_VALUE_DEFAULT);
|
||||
|
||||
builder.configureXFrame(xFrameEnabled).setXFrameOption(xFrameOptionValue);
|
||||
|
||||
infoServer = builder.build();
|
||||
infoServer.setAttribute("secondary.name.node", this);
|
||||
infoServer.setAttribute("name.system.image", checkpointImage);
|
||||
|
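Review bot: The value read into `xFrameOptionValue` is handed to `setXFrameOption` unconditionally, and nothing in the hunk says what happens when an operator sets it to something that is not a recognised X-Frame-Options value. If the builder rejects unknown strings (HttpServer2 appears to map the string onto its `XFrameOption` enum), a typo would stop the info server from starting even with `xFrameEnabled` false. That is a defensible fail-closed choice, but it should be stated. After confirming that behaviour, I would add a comment above the two reads, for example `// Clickjacking defence for the secondary's web UI; an unrecognised DFS_XFRAME_OPTION_VALUE is rejected by the builder rather than silently ignored.` The body of startInfoServer begins and ends outside this hunk.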
@ -18,6 +18,7 @@
|
||||
package org.apache.hadoop.hdfs.server.namenode;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileSystem;
|
||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||
import org.apache.hadoop.http.HttpServer2;
|
||||
@ -32,6 +33,7 @@
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.net.URI;
|
||||
|
||||
/**
|
||||
* A class to test the XFrameoptions of Namenode HTTP Server. We are not reusing
|
||||
@ -94,4 +96,24 @@ private HttpURLConnection createServerwithXFrame(boolean enabled, String
|
||||
conn.connect();
|
||||
return conn;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSecondaryNameNodeXFrame() throws IOException {
|
||||
Configuration conf = new HdfsConfiguration();
|
||||
FileSystem.setDefaultUri(conf, "hdfs://localhost:0");
|
||||
|
||||
SecondaryNameNode sn = new SecondaryNameNode(conf);
|
||||
sn.startInfoServer();
|
||||
InetSocketAddress httpAddress = SecondaryNameNode.getHttpAddress(conf);
|
||||
|
||||
URL url = URI.create("http://" + httpAddress.getHostName()
|
||||
+ ":" + httpAddress.getPort()).toURL();
|
||||
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
|
||||
conn.connect();
|
||||
String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS");
|
||||
Assert.assertTrue("X-FRAME-OPTIONS is absent in the header",
|
||||
xfoHeader != null);
|
||||
Assert.assertTrue(xfoHeader.endsWith(HttpServer2.XFrameOption
|
||||
.SAMEORIGIN.toString()));
|
||||
}
|
||||
}
|
||||
|
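Review bot: `testSecondaryNameNodeXFrame` starts the secondary's info server with `sn.startInfoServer()` and opens an `HttpURLConnection`, but releases neither. The listener therefore stays bound for the rest of the test JVM and may collide with later tests that use the same HTTP address. Putting everything after `sn.startInfoServer();` inside `try { ... } finally { sn.shutdown(); }`, with `conn.disconnect()` once the header has been read, would close that gap. The test also exercises only the default configuration. A second case that sets `DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED` to false and asserts the header is absent would show that the toggle actually reaches the secondary's builder.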