diff options
| author | Sean Owen <sowen@cloudera.com> | 2015-02-28 15:23:59 +0000 |
|---|---|---|
| committer | Sean Owen <sowen@cloudera.com> | 2015-02-28 15:23:59 +0000 |
| commit | f91298e2c597e45af461931919372da5d33ae3da (patch) | |
| tree | eccc745898b8bcd5db35ac3ba7767eb44c580854 /core | |
| parent | b36b1bc22ea73669b0f69ed21e77d47fb0a7cd5d (diff) | |
| download | spark-f91298e2c597e45af461931919372da5d33ae3da.tar.gz spark-f91298e2c597e45af461931919372da5d33ae3da.tar.bz2 spark-f91298e2c597e45af461931919372da5d33ae3da.zip | |
SPARK-5983 [WEBUI] Don't respond to HTTP TRACE in HTTP-based UIs
Disallow TRACE HTTP method in servlets
Author: Sean Owen <sowen@cloudera.com>
Closes #4765 from srowen/SPARK-5983 and squashes the following commits:
421b25b [Sean Owen] Disallow TRACE HTTP method in servlets
Diffstat (limited to 'core')
| -rw-r--r-- | core/src/main/scala/org/apache/spark/deploy/history/HistoryServer.scala | 4 | ||||
| -rw-r--r-- | core/src/main/scala/org/apache/spark/ui/JettyUtils.scala | 8 |
2 files changed, 12 insertions, 0 deletions
diff --git a/core/src/main/scala/org/apache/spark/deploy/history/HistoryServer.scala b/core/src/main/scala/org/apache/spark/deploy/history/HistoryServer.scala index fa9bfe5426..af483d560b 100644 --- a/core/src/main/scala/org/apache/spark/deploy/history/HistoryServer.scala +++ b/core/src/main/scala/org/apache/spark/deploy/history/HistoryServer.scala @@ -96,6 +96,10 @@ class HistoryServer( } } } + // SPARK-5983 ensure TRACE is not supported + protected override def doTrace(req: HttpServletRequest, res: HttpServletResponse): Unit = { + res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED) + } } initialize() diff --git a/core/src/main/scala/org/apache/spark/ui/JettyUtils.scala b/core/src/main/scala/org/apache/spark/ui/JettyUtils.scala index bf4b24e98b..95f254a9ef 100644 --- a/core/src/main/scala/org/apache/spark/ui/JettyUtils.scala +++ b/core/src/main/scala/org/apache/spark/ui/JettyUtils.scala @@ -80,6 +80,10 @@ private[spark] object JettyUtils extends Logging { response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage) } } + // SPARK-5983 ensure TRACE is not supported + protected override def doTrace(req: HttpServletRequest, res: HttpServletResponse): Unit = { + res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED) + } } } @@ -119,6 +123,10 @@ private[spark] object JettyUtils extends Logging { val newUrl = new URL(new URL(request.getRequestURL.toString), prefixedDestPath).toString response.sendRedirect(newUrl) } + // SPARK-5983 ensure TRACE is not supported + protected override def doTrace(req: HttpServletRequest, res: HttpServletResponse): Unit = { + res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED) + } } createServletHandler(srcPath, servlet, basePath) } |