AMBARI-3825. Enable CSRF protection by default. (mpapirkovskyy)

commit: a4dee94c54209f5714e2a0a1beee6af99317a394 [log] [tgz]
author: Myroslav Papirkovskyy <mpapyrkovskyy@hortonworks.com> Fri Nov 22 15:38:53 2013 +0200
committer: Myroslav Papirkovskyy <mpapyrkovskyy@hortonworks.com> Fri Nov 22 15:38:53 2013 +0200
tree: 2e0f561a556dfe864f5a8e2d0cc6aaa5d0a1b3b7
parent: 7a6e05ec4925e238e41ede5d1cb71a41adc32ac7 [diff]
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b92441b..dd6b66d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java

@@ -200,7 +200,7 @@
   public static final String CLIENT_API_SSL_KEY_NAME_DEFAULT = "https.key";
   public static final String CLIENT_API_SSL_CRT_NAME_DEFAULT = "https.crt";
 
-  private static final String API_CSRF_PREVENTION_DEFAULT = "false"; //TODO should be set to true for release
+  private static final String API_CSRF_PREVENTION_DEFAULT = "true";
 
   private static final String SRVR_CRT_PASS_FILE_DEFAULT ="pass.txt";
   private static final String SRVR_CRT_PASS_LEN_DEFAULT = "50";
commit	a4dee94c54209f5714e2a0a1beee6af99317a394	[log] [tgz]
author	Myroslav Papirkovskyy <mpapyrkovskyy@hortonworks.com>	Fri Nov 22 15:38:53 2013 +0200
committer	Myroslav Papirkovskyy <mpapyrkovskyy@hortonworks.com>	Fri Nov 22 15:38:53 2013 +0200
tree	2e0f561a556dfe864f5a8e2d0cc6aaa5d0a1b3b7
parent	7a6e05ec4925e238e41ede5d1cb71a41adc32ac7 [diff]